ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes a local search script. While it involves shell interpolation of user keywords, this is the primary intended function, and the script itself includes internal tokenization to sanitize the search process.
- DATA_EXFILTRATION (SAFE): Analysis of the Python scripts confirms no network calls or access to sensitive user files. Operations are restricted to the skill's own
datadirectory. - INDIRECT_PROMPT_INJECTION (SAFE): The skill ingests data from local CSVs based on user queries.
- Ingestion points: Search query parameters in
scripts/search.py(e.g., product type, style, typography keywords). - Boundary markers: Not explicitly defined in the synthesis instructions, but the data source is static and included with the skill.
- Capability inventory: Local script execution via
scripts/search.pyfor reading data. - Sanitization: Basic alphanumeric regex filtering (
re.sub(r'[^\w\s]', ' ', ...)) is applied within the core search engine to sanitize tokens.
Audit Metadata