ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to acquire administrative privileges using `sudo apt install python3` during the environment setup process.
- [COMMAND_EXECUTION]: Orchestrates the execution of a local Python script, `skills/ui-ux-pro-max/scripts/search.py`, which processes user-provided keywords and parameters.
- [PROMPT_INJECTION]: Creates an indirect prompt injection vulnerability via a persistence pattern where generated design rules are saved and later re-ingested as trusted instructions.
  - Ingestion points: Files `design-system/MASTER.md` and `design-system/pages/*.md` are read back into the agent context.
  - Boundary markers: None identified; instructions explicitly tell the agent to "prioritize its rules" over other context.
  - Capability inventory: Includes local script execution and system command capabilities via Python.
  - Sanitization: Content is persisted and re-read without validation or escaping, allowing potentially malicious generated content to influence subsequent agent behavior.
- [EXTERNAL_DOWNLOADS]: Recommends downloading software from well-known technology services and package managers, including Homebrew and Windows Package Manager (Winget).
Recommendations
- AI detected serious security threats
Audit Metadata