ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The tool processes and displays content from external CSV files, which serves as an ingestion point for untrusted data.\n
- Ingestion points: Multiple CSV files located in the
data/directory (e.g.,ux-guidelines.csv,prompts.csv) are loaded via_load_csvinscripts/core.py.\n - Boundary markers: No delimiters or isolation instructions are used to wrap search results, meaning any embedded instructions in the data could be interpreted by the LLM as higher-priority commands.\n
- Capability inventory: The skill is strictly limited to data retrieval and text output; it lacks dangerous capabilities such as network access, subprocess execution, or system file writing.\n
- Sanitization: CSV content is passed directly to the output without any escaping or filtering of potentially malicious prompt strings.
Audit Metadata