ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: Path traversal vulnerability in the design system persistence feature. The function `persist_design_system` in `scripts/design_system.py` uses a `project_slug` derived from user-provided input to construct directory and file paths. This string is not sanitized for directory traversal characters (such as `../`), which could allow the skill to create or overwrite markdown files in arbitrary locations relative to the working directory if the agent is granted write permissions.
- [PROMPT_INJECTION]: Indirect prompt injection risk. The skill ingests untrusted user input from the search query and interpolates it directly into generated design system files (`MASTER.md` and page-specific files) via the persistence feature. These files lack boundary markers or explicit instructions to ignore embedded content, creating a surface where malicious instructions could be persisted and subsequently obeyed by other agents reading the documentation.
  - Ingestion points: User-provided query in `scripts/search.py` passed to `design_system.py`.
  - Boundary markers: Absent in generated markdown files.
  - Capability inventory: Filesystem write access via `persist_design_system` in `scripts/design_system.py`.
  - Sanitization: Absent for project names and page titles.
- [SAFE]: References to external resources like Google Fonts and the Lucide icon library are used for design recommendations and do not involve automated script execution or sensitive data exfiltration.
Audit Metadata