ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation in SKILL.md contains instructions for the agent to execute system package manager commands (such as 'apt', 'brew', and 'winget') to install the Python runtime if it is missing from the environment.
- [EXTERNAL_DOWNLOADS]: Data files within the skill recommend the use of well-known developer tools and registries (e.g., npx shadcn, expo install, pub.dev) to manage project dependencies and initialize UI components.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading design guidelines from local CSV files and supplying them to the agent's context.
  - Ingestion points: Multiple local CSV data files located in the 'data/' directory.
  - Boundary markers: Content is presented in a structured format but lacks explicit delimiters or instructions for the agent to ignore any embedded directives.
  - Capability inventory: The agent executes a local Python search script to read the local database.
  - Sanitization: Data is processed for search relevance but is not sanitized for instruction safety before output.
Audit Metadata