ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The CSV content consists of benign UI/UX guidance.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The script performs local searches on provided data files.
- Obfuscation (SAFE): No Base64, zero-width characters, or other encoding techniques were found in the scripts or data files.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The script uses standard Python libraries and local modules. No remote script downloads or piped execution patterns (e.g., curl|bash) are present.
- Privilege Escalation (SAFE): The code does not use sudo, chmod, or any commands to elevate system permissions.
- Persistence Mechanisms (SAFE): No attempts to modify startup scripts, cron jobs, or system services were found.
- Metadata Poisoning (SAFE): Metadata and descriptions accurately reflect the skill's purpose as a UI/UX search engine.
- Indirect Prompt Injection (LOW): While the skill ingests untrusted data from CSV files and outputs it to the LLM context, the current data source is static and trusted. The format_output function provides basic structure, though it lacks rigorous sanitization for markdown injection.
- Time-Delayed / Conditional Attacks (SAFE): No logic was found that triggers behavior based on time, date, or specific environmental conditions.
- Dynamic Execution (SAFE): The skill does not utilize eval(), exec(), or runtime code generation.
Audit Metadata