ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
  • [Privilege Escalation] (HIGH): The prerequisites section in SKILL.md instructs the user to execute sudo apt update && sudo apt install python3. Requesting administrative privileges is a high-risk operation that should be avoided in agent skills.
  • [Indirect Prompt Injection] (HIGH): The workflow in SKILL.md (Step 2) uses python3 .claude/skills/ui-ux-pro-max/scripts/search.py "<keyword>" to process user input. This pattern is vulnerable to command injection if the <keyword> extracted from the user request contains shell metacharacters.
    • Ingestion points: User requirements extracted in Step 1 (Product type, Style keywords, etc.).
    • Boundary markers: None. Input is placed directly inside double quotes in a shell command.
    • Capability inventory: Shell command execution via python3 subprocess calls.
    • Sanitization: No evidence of sanitization or escaping of the <keyword> parameter, allowing an attacker to execute arbitrary commands by providing a keyword like "; touch /tmp/pwned; ".
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:23 AM