ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The `SKILL.md` file instructs the agent to execute shell commands (e.g., `python3 .../search.py "<keyword>"`) where the keyword is directly extracted from user requirements. This pattern is vulnerable to command injection if a user provides a maliciously crafted string (e.g., `; rm -rf /`) and the agent fails to sanitize or escape it before executing the shell command.
- [EXTERNAL_DOWNLOADS] (LOW): The `SKILL.md` file includes instructions for installing Python via system package managers (`apt`, `brew`, `winget`). While these involve external downloads, they are standard prerequisite instructions for setting up the environment and target trusted system repositories.
- [PROMPT_INJECTION] (SAFE): Analysis of the instructions in `SKILL.md` found no evidence of bypass markers, role-play/jailbreak attempts, or instructions to ignore safety filters. The language is focused on task-specific workflow.
- [DATA_EXFILTRATION] (SAFE): The provided Python scripts (`core.py`, `search.py`) use only standard libraries and perform local file operations. There are no network-related imports or calls that would indicate data exfiltration.
Audit Metadata