ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface where untrusted user queries are processed and persisted to the filesystem.
  - Ingestion points: The `query` argument in `scripts/search.py` is directly sourced from user/agent input.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands in the processed input.
  - Capability inventory: The script has the capability to create and modify files (e.g., `design-system/MASTER.md`) via the `persist` flag in `scripts/search.py`.
  - Sanitization: No sanitization or escaping of the user-provided query is performed before it is used to generate documentation that steers the agent's logic.
- Unverifiable Logic (MEDIUM): Core functionality is hidden in missing local dependencies.
  - Evidence: `scripts/search.py` imports critical functions from `core.py` and `design_system.py`, which are not included in the provided skill files. This obscures the search implementation and file-writing logic, making it impossible to verify if the skill performs unsafe network operations or further file manipulations.
Recommendations
- AI detected serious security threats
Audit Metadata