ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts that perform filesystem operations to persist configuration data. scripts/design_system.py contains logic to create directories and write markdown files (MASTER.md and page-specific overrides) within a design-system/ directory. This is an intended feature for maintaining design consistency across agent sessions.
- [PROMPT_INJECTION]: The skill implements a search-based recommendation system that presents an indirect prompt injection surface.
  - Ingestion points: User-provided queries passed to scripts/search.py are used to retrieve information from internal CSV files.
  - Boundary markers: The retrieved recommendations are formatted and returned to the agent context without explicit delimiters or security markers to isolate untrusted content from the agent's instructions.
  - Capability inventory: The skill possesses file system write access (scripts/design_system.py), and its primary purpose is to provide instructions that directly guide the agent's code generation behavior.
  - Sanitization: Input undergoes basic tokenization in scripts/core.py (removing punctuation and short words) but lacks dedicated security sanitization or validation against instructional patterns.
- [COMMAND_EXECUTION]: Documentation in SKILL.md provides standard environment setup instructions using privileged commands.
  - Includes sudo apt install python3 for Linux dependency management, which is a routine and non-malicious administrative task for tool installation.
Audit Metadata