ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from several CSV files and presents it to the agent without strong boundary markers. This allows potentially malicious instructions within the data to influence the agent's behavior.
  - Ingestion points: Data is read from `data/charts.csv`, `data/colors.csv`, `data/stacks/jetpack-compose.csv`, and `data/web-interface.csv`.
  - Boundary markers: The `format_output` function in `scripts/search.py` uses Markdown headers but lacks explicit 'ignore instructions' delimiters for the CSV content.
  - Capability inventory: The script possesses file-writing capabilities via the `--persist` flag.
  - Sanitization: No sanitization of the CSV content or the project name is visible in the provided files.
- Data Exposure (LOW): The `scripts/search.py` script handles the `--project-name` and `--output-dir` arguments which are used to construct file paths. The absence of sanitization for directory traversal characters (e.g., `../`) could allow an agent to be manipulated into writing files outside the intended directory, potentially impacting sensitive paths.
- Unverifiable Logic (SAFE): The script references external local modules `core.py` and `design_system.py` which were not provided for analysis, preventing a complete audit of the search algorithm and persistence implementation.
Audit Metadata