ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Path Traversal Vulnerability in File Persistence.
- Evidence: The
persist_design_systemfunction inscripts/design_system.pyconstructs directory and file paths using theproject_nameandpagearguments provided via the command-line interface inscripts/search.py. - Details: The implementation only replaces spaces with hyphens but fails to sanitize or strip directory traversal sequences such as
... This allows a user or an automated process to write markdown files outside the intendeddesign-system/directory, potentially creating or overwriting files in arbitrary locations within the agent's accessible workspace. - [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface.
- Evidence: The skill is designed to generate a "Design System Master File" (
MASTER.md) and page-specific override files, which it then instructs the agent to read and prioritize as a source of truth during development tasks. - Details:
- Ingestion points: The system ingests data from local CSV files (e.g.,
ui-reasoning.csv) and interpolates user-provided query strings directly into generated markdown instructions. - Boundary markers: The generated files do not include delimiters or instructions for the agent to ignore potentially embedded malicious commands.
- Capability inventory: The skill possesses file-writing capabilities and explicitly directs the agent to follow rules stored in these files in future turns.
- Sanitization: There is no sanitization of the content retrieved from CSVs or user queries before they are written to the persistent instruction files, creating a vulnerability where a compromised data source or a malicious user query could permanently alter the agent's behavior for a specific project.
Audit Metadata