ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Path traversal vulnerability in `scripts/design_system.py`. The `persist_design_system` function constructs directory and file paths using the user-provided `project_name` and `page` arguments. These inputs are only modified by replacing spaces with hyphens and are not sanitized for path traversal sequences (e.g., `../`), allowing an attacker to write files outside the intended `design-system/` directory.
- [PROMPT_INJECTION]: Indirect prompt injection surface. The skill ingests untrusted user input via the `query` and `page_query` arguments and interpolates these strings into markdown content formatted for the agent's context in `scripts/design_system.py`. The absence of clear boundary markers or sanitization for instructions within these strings could allow an attacker to influence the agent's behavior during the design planning phase.
Audit Metadata