ui-ux-pro
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Path traversal vulnerability in filesystem persistence logic. The function persist_design_system in scripts/design_system.py constructs file paths for writing markdown documents using the project_name and page parameters derived from user-controlled input. The logic performs minimal sanitization (lowercasing and replacing spaces with dashes), which does not prevent directory traversal sequences such as... This could allow an attacker to write files to arbitrary locations on the host system beyond the intended design-system/ directory.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through untrusted data ingestion. The skill loads and parses structured data from data/ui-reasoning.csv, including a Decision_Rules field containing JSON-formatted instructions that are used to guide the agent's reasoning. This content lacks boundary markers and sanitization, allowing for the possibility of influencing agent behavior via malicious data payloads. Evidence Chain:
  1. Ingestion point: data/ui-reasoning.csv
  2. Boundary markers: Absent
  3. Capability inventory: File system writing (scripts/design_system.py)
  4. Sanitization: Absent