ds-pro-max

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/generate.py tool accepts a user-defined --output file path and writes to it with open(output_path, 'w') without validating or canonicalizing the path. Because nothing restricts the destination to an output directory, this is an arbitrary file write: a malicious prompt could steer the agent into passing a traversal or absolute path and overwriting critical user or system configuration files (e.g., .bashrc or .ssh/config).
  • [COMMAND_EXECUTION] (LOW): The SKILL.md setup instructions include sudo apt install. While this is intended for legitimate environment setup, instructing an agent to run commands with administrative privileges is a high-risk pattern that can be misused if the surrounding environment is not properly isolated.
  • [INDIRECT PROMPT INJECTION] (LOW): The skill is susceptible to indirect injection through its processing of design specifications and user queries.
      • Ingestion points: user-provided query strings in search.py and generate.py.
      • Boundary markers: absent. The instructions do not specify delimiters that separate user-provided data from instructions when it is passed to the scripts.
      • Capability inventory: local file writing in generate.py.
      • Sanitization: none. Data from queries is interpolated into templates or used for file naming without validation.
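The arbitrary-write finding above and the "used for file naming without validation" point share one fix: canonicalize the requested output path and refuse anything that resolves outside a dedicated output directory. The following is an added example written for this page, not code from the ds-pro-max skill or its scripts/generate.py; the function names, the ALLOWED_SUFFIXES set and the sample paths are assumptions chosen to illustrate the check.

```python
import os
import tempfile
from pathlib import Path

# Assumed allow-list of output types the generator is expected to produce.
ALLOWED_SUFFIXES = {".html", ".css", ".js", ".md", ".json", ".txt"}


class UnsafeOutputPath(ValueError):
    """Raised when a user-supplied --output path must not be written."""


def resolve_output_path(user_path: str, base_dir: str) -> Path:
    """Map a user-supplied --output value to a path strictly inside base_dir.

    Rejects absolute paths, '..' traversal, symlink escapes (resolve() follows
    links before the containment check), hidden files such as .bashrc or
    .ssh/config, and file types the generator is not expected to produce.
    """
    base = Path(base_dir).resolve()
    candidate = Path(user_path)
    if candidate.is_absolute():
        raise UnsafeOutputPath(f"absolute output paths are not allowed: {user_path}")
    target = (base / candidate).resolve()  # collapses '..' and follows symlinks
    try:
        rel = target.relative_to(base)
    except ValueError:
        raise UnsafeOutputPath(f"output path escapes {base}: {user_path}") from None
    if not rel.parts:
        raise UnsafeOutputPath("output path must name a file, not the output directory")
    if any(part.startswith(".") for part in rel.parts):
        raise UnsafeOutputPath(f"hidden files and directories are not allowed: {user_path}")
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        raise UnsafeOutputPath(f"unexpected output file type: {target.suffix!r}")
    return target


def write_generated(user_path: str, base_dir: str, content: str,
                    overwrite: bool = False) -> Path:
    """Hardened replacement for the unchecked open(output_path, 'w') pattern."""
    target = resolve_output_path(user_path, base_dir)
    target.parent.mkdir(parents=True, exist_ok=True)
    # 'x' (O_EXCL) refuses to clobber an existing file unless the caller opts in.
    mode = "w" if overwrite else "x"
    with open(target, mode, encoding="utf-8") as fh:
        fh.write(content)
    return target


def check(user_path: str, base_dir: str) -> str:
    """Classify a candidate --output value as 'ok' or 'rejected'."""
    try:
        resolve_output_path(user_path, base_dir)
        return "ok"
    except UnsafeOutputPath:
        return "rejected"


def demo() -> dict:
    """Run the check against constructed inputs modelled on the audit's examples."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "out")
        os.makedirs(base)
        samples = [
            "site/index.html",        # legitimate generated page
            "../.bashrc",             # traversal into the parent directory
            "../../.ssh/config",      # deeper traversal
            "/etc/profile.d/evil.sh", # absolute path
            ".bashrc",                # hidden file inside the output dir
            "notes.sh",               # disallowed file type
        ]
        results = {p: check(p, base) for p in samples}
        written = write_generated("site/index.html", base, "<h1>hi</h1>")
        results["written_inside_base"] = Path(base).resolve() in written.parents
        return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:>9}  {path}")
```

The containment check runs on the resolved path, so a symlink planted inside the output directory that points at ~/.ssh is rejected too; note that this is still a check-then-use sequence, so on a shared or writable-by-others directory the final open should additionally use O_NOFOLLOW or an equivalent to close the race.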
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:20 PM