ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it ingests untrusted user input to query local data files.
  - Ingestion points: User-provided search terms are passed as command-line arguments to `scripts/search.py` and processed by the `DesignSystemGenerator` in `scripts/design_system.py`.
  - Boundary markers: The search engine in `scripts/core.py` (`BM25.tokenize`) uses regex (`re.sub(r'[^\w\s]', ' ', str(text).lower())`) to sanitize input by removing non-alphanumeric characters, which helps prevent control-character injection.
  - Capability inventory: Analysis of `core.py`, `design_system.py`, and `search.py` shows the scripts are limited to reading local CSV files and generating formatted text (ASCII/Markdown). There are no network calls, file-write operations, or subprocess executions within the codebase.
  - Sanitization: Input is lowercased and filtered through a strict whitelist (words longer than 2 characters) before being used for scoring.
- [COMMAND_EXECUTION]: The documentation in `SKILL.md` lists shell commands for checking and installing Python (e.g., `brew install`, `sudo apt install`, `winget install`). These are standard administrative instructions provided for the user to set up the necessary environment and are not executed programmatically by the skill scripts.
- [DATA_EXPOSURE]: No hardcoded secrets, API keys, or sensitive local file paths (such as SSH keys or environment files) were detected. The skill scripts are restricted to accessing the provided CSV data within the `data/` directory.
Audit Metadata