Skills
skills/prorise-cool/prorise-claude-skills/ui-ux-pro-max/Gen Agent Trust Hub

ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Privilege Escalation] (HIGH): The file SKILL.md contains instructions for the user or agent to execute sudo apt update && sudo apt install python3. The use of sudo to install system packages represents a high-severity privilege escalation risk if the environment is not strictly controlled.- [Indirect Prompt Injection] (HIGH): The skill's core functionality relies on searching and ingesting data from CSV files which directly influences the agent's output and code generation tasks.
  • Ingestion points: Data is loaded from CSV files in the data/ directory via _load_csv in scripts/core.py.
  • Boundary markers: The format_output function in scripts/search.py provides no delimiters or instructions to the agent to ignore potentially malicious content within the search results.
  • Capability inventory: The agent is instructed to use the results to 'implement design,' which involves generating frontend code (React, Vue, Tailwind).
  • Sanitization: There is no sanitization or validation of the CSV content; it is passed directly into the agent context, creating a surface where malicious data could lead to the generation of malicious code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:39 PM