ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local file system operations to persist generated design system documentation.
- In
scripts/design_system.py, thepersist_design_systemfunction constructs file paths using user-provided project and page names. While spaces are replaced with hyphens, the logic does not explicitly sanitize inputs for path traversal sequences like... This could theoretically allow an attacker to influence the location where the Markdown files are saved on the local system. - The skill documentation in
SKILL.mdincludes instructions for the agent to execute system-level commands, includingsudo apt install python3, to satisfy environment prerequisites. While these are transparently documented, they involve high-privilege operations. - [SAFE]: The core logic of the skill is contained in local Python scripts that use the standard library to search through pre-defined CSV datasets. No instances of obfuscation, hardcoded credentials, or unauthorized network communication were detected.
Audit Metadata