ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file provides environment setup instructions for Linux users that include sudo commands (e.g., sudo apt update && sudo apt install python3), which facilitates privilege escalation.
  • [COMMAND_EXECUTION]: The skill's operational workflow relies on the agent executing local Python scripts (search.py) with arguments derived from user input. This requires the agent to have command execution capabilities on the host system.
  • [PROMPT_INJECTION]: The instructions in SKILL.md direct the agent to interpolate user-provided requirements directly into a shell command string: python3 .../search.py "<product_type> <industry> <keywords>". This creates a critical command injection vulnerability. An attacker can provide input containing shell metacharacters (such as ;, &&, ||, or backticks) to escape the intended Python command and execute arbitrary code with the same privileges as the AI agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 1, 2026, 01:34 AM