dioxus-ui-ux
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of local Python scripts (
search.py,core.py,design_system.py) to perform search operations and generate design documentation on the host system. - [DATA_EXFILTRATION]: A directory traversal vulnerability exists in
scripts/design_system.pywithin thepersist_design_systemfunction. The script uses the user-suppliedproject_nameto construct a file path without sanitizing for traversal sequences like..or/. This allows an attacker (or a misled AI agent) to create directories and files (specificallyMASTER.md) in arbitrary locations on the file system where the user has write permissions. - [PROMPT_INJECTION]: The skill exhibits a vulnerability to Indirect Prompt Injection. It ingests data from multiple CSV files and interpolates the content directly into generated markdown files (
MASTER.mdand page-specific overrides). The AI agent is explicitly instructed to treat these generated files as a 'Master' source of truth and follow their rules, creating a channel where malicious content embedded in the source data could override agent behavior. - Ingestion points: The
queryandproject_namearguments inscripts/search.py, as well as the content of the CSV files in thedata/directory. - Boundary markers: No delimiters or safety warnings are present in the generated markdown files to prevent the agent from obeying instructions found within the data.
- Capability inventory: The skill has the capability to write to the file system using Python's
open()function with 'w' mode. - Sanitization: While the BM25 search tokenizer removes punctuation, the data extracted from CSVs is used raw in the document generation process.
Audit Metadata