ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to run a Python script with user-supplied keywords as arguments. This is a direct command injection vector if the input contains shell-active characters.
- COMMAND_EXECUTION (HIGH): Setup instructions require 'sudo' for package installation on Linux systems, posing a privilege escalation risk.
- EXTERNAL_DOWNLOADS (LOW): Recommends installing Python 3 via system package managers (APT, Homebrew, Winget).
- PROMPT_INJECTION (MEDIUM): User-controlled keywords are passed into the agent's workflow parameters, which can be manipulated to influence the search logic.
Recommendations
- AI detected serious security threats
Audit Metadata