ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Privilege Escalation] (LOW): The SKILL.md documentation includes sudo commands for initial environment setup (e.g., sudo apt install python3). This is limited to standard package management.
- [Indirect Prompt Injection] (LOW): The skill processes user queries to search design data. Evidence: 1. Ingestion points: query argument in search.py; 2. Boundary markers: None; 3. Capability inventory: Local CSV reading via core.py; 4. Sanitization: regex-based tokenization in BM25.tokenize.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill involves local script execution (search.py) but does not download or execute remote code at runtime.
Audit Metadata