ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute shell commands for environment validation and setup, including using `sudo apt install` to install Python, which represents a potential privilege escalation risk if the agent has shell access. The skill also performs search operations by interpolating user keywords into a Python command: `python3 ${CLAUDE_PLUGIN_ROOT}/scripts/search.py "<keyword>"`. This creates a command injection surface if the agent does not properly escape shell metacharacters in the user input.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its search workflow. Evidence:
  1. Ingestion points: The agent retrieves information from `scripts/search.py` across multiple domains.
  2. Boundary markers: No delimiters or instructions to ignore nested prompts are used when processing search output.
  3. Capability inventory: The agent generates and implements UI/UX code based on search results.
  4. Sanitization: There is no evidence of validation or sanitization of the data retrieved from external domains.
- EXTERNAL_DOWNLOADS (LOW): The skill suggests downloading software (Python) via system package managers like brew, apt, and winget during the prerequisites check.
Audit Metadata