ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: In SKILL.md, the workflow instructs the agent to execute a local Python script using the command `python3 .claude/skills/ui-ux-pro-max/scripts/search.py "<keyword>"`. Because the `<keyword>` is derived from unvalidated user input, a malicious user could provide input containing shell metacharacters (e.g., backticks or subshells) to achieve arbitrary command execution on the host.
- [COMMAND_EXECUTION]: The SKILL.md file contains setup instructions that include privileged commands such as `sudo apt install python3`. If the agent attempts to run these commands automatically to satisfy the 'Prerequisites' section, it could lead to unauthorized privilege escalation on the environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data to generate search keywords. A user could craft a request designed to manipulate the keyword extraction process to influence the shell command parameters or override the agent's intended behavior.
- [PROMPT_INJECTION]: The file data/prompts.csv contains pre-defined prompt fragments intended to be used by the agent. While currently benign, this demonstrates a surface for data-driven prompt injection where the agent's output is directly controlled by the contents of external data files.