ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Privilege Escalation (HIGH): The prerequisites section contains the command 'sudo apt update && sudo apt install python3' for Ubuntu/Debian users. Requesting administrative privileges via 'sudo' is a high-risk operation in automated agent environments.
  • Indirect Prompt Injection (LOW): The skill workflow interpolates untrusted user input (keywords like product type or industry) directly into shell commands for the 'search.py' script. This creates a potential surface for command injection if the input is not sanitized.
  • Ingestion points: User-provided strings for product types, industries, and styles used as keywords in SKILL.md.
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded instructions in the keyword variables.
  • Capability inventory: Subprocess execution of local Python scripts using 'python3' across multiple workflow steps.
  • Sanitization: Absent; the instructions provide no mechanism for escaping or validating the user-provided keyword variables before they are passed to the shell.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:28 PM