ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- Privilege Escalation (MEDIUM): In SKILL.md, the instructions recommend using "sudo apt install python3" for setup on Linux environments. While standard for software installation, requesting root privileges is a high-risk operation. The severity is set to MEDIUM as this is associated with the primary installation purpose.
- Indirect Prompt Injection (LOW): The skill's workflow in SKILL.md requires the agent to interpolate user-provided keywords directly into shell command strings (e.g., python3 .../search.py "<keyword>").
  - Ingestion points: User-provided product types, styles, and industry keywords in SKILL.md Step 1.
  - Boundary markers: Absent. No instructions are provided to the agent to escape or sanitize the <keyword> against shell metacharacters.
  - Capability inventory: The agent is granted the capability to execute shell commands (subprocess calls) to run the search script.
  - Sanitization: While core.py tokenizes input using the regex re.sub(r'[^\w\s]', ' ', ...), which would neutralize most injection attempts within the Python logic, the initial shell command construction by the agent remains a vulnerable surface if the agent fails to properly quote/escape the input.
Audit Metadata