ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The script processes and displays search results that could contain malicious instructions designed to influence the behavior of the AI agent reading them.
  - Ingestion points: The `query` argument and the content returned by the BM25 search engine (imported via `core.search`).
  - Boundary markers: Uses markdown headers (`### Result 1`) and lists to separate data, but lacks explicit instructions to the model to ignore content within these blocks.
  - Capability inventory: The script can write files to the local file system (`--persist`).
  - Sanitization: Truncates result values to 300 characters, which limits the payload size but does not sanitize content.
- File System Operations (LOW): The script constructs file paths using user-provided strings (`project-name`, `page`). While it replaces spaces with hyphens, it does not explicitly sanitize for directory traversal characters (e.g., `..`), which could allow writing files outside the intended `design-system/` directory.
Audit Metadata