ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The SKILL.md file contains setup instructions that include 'sudo apt install python3' for Ubuntu/Debian users. While these are standard system administration commands for environment preparation, they involve the use of elevated privileges for third-party software installation.
  • [PROMPT_INJECTION] (HIGH): The skill presents a high-risk surface for indirect prompt injection.
    1. Ingestion points: Data is ingested from various CSV files (e.g., styles.csv, ux-guidelines.csv) via the _load_csv function in scripts/core.py.
    2. Boundary markers: Results are formatted for the agent in scripts/search.py using basic markdown, without delimiters or instructions to ignore instructions embedded in the data.
    3. Capability inventory: The agent is instructed in SKILL.md to 'build', 'create', 'implement', and 'refactor' code based on the search results, granting it high-privilege file modification capabilities.
    4. Sanitization: No sanitization is performed on the data retrieved from the CSV files, allowing malicious content in the data to manipulate the agent's code output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:47 AM