ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill creates a high-risk surface for indirect prompt injection by processing external data for agent consumption without sanitization.
  1. Ingestion points: the `args.query` parameter and the results from `core.search` in `search.py`.
  2. Boundary markers: absent; the tool uses standard Markdown headers, which do not prevent the agent from interpreting data as instructions.
  3. Capability inventory: high-impact capability to write and persist files to the local filesystem.
  4. Sanitization: none; the script only performs length truncation on returned values.
- COMMAND_EXECUTION (HIGH): The persistence logic for design systems is vulnerable to path traversal. The `--project-name` and `--page` arguments are used to construct file paths after only replacing spaces with dashes. This allows an attacker to use `..` sequences to write files to arbitrary locations outside the intended `design-system/` directory.
- DATA_EXFILTRATION (MEDIUM): The ability to specify an arbitrary `--output-dir` and to manipulate file paths through traversal can be used to overwrite system configurations or move sensitive files to locations accessible to the agent or external entities.
Recommendations
- AI detected serious security threats