ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains instructions for the agent to install Python on the host system using commands like 'sudo apt install python3', 'brew install python3', and 'winget install'. Automated execution of system package managers with elevated privileges (sudo) by an AI agent is a high-risk action that can lead to unauthorized system modifications.
- [PROMPT_INJECTION]: The skill uses authoritative language (e.g., 'REQUIRED', 'Always start with') to mandate specific workflows. This can potentially override user intent or the agent's internal safety constraints.
- [PROMPT_INJECTION]: The skill processes untrusted user input as search queries which then influence the agent's design and code generation. This creates an indirect prompt injection surface. Evidence includes:
  - Ingestion points: User input passed to search.py and scripts/core.py via the command line.
  - Boundary markers: Search results are formatted in ASCII boxes in design_system.py but lack explicit instructions to the agent to treat the content as data only and ignore any embedded directives.
  - Capability inventory: The agent is authorized to execute Python scripts and potentially run system installation commands involving subprocess execution.
  - Sanitization: The BM25 engine in core.py performs basic tokenization (lowercasing and punctuation removal) but does not formally sanitize input against prompt injection techniques used in the data aggregation phase.
Audit Metadata