ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is susceptible to Category 8 (Indirect Prompt Injection). It ingests search results from external sources and interpolates them into a 'Master Design System' which the agent is instructed to use as a global source of truth.
  1. Ingestion points: scripts/search.py via args.query and results from core.search().
  2. Boundary markers: Absent; output is raw Markdown without clear delimiters.
  3. Capability inventory: File-write access via the --persist flag across multiple script functions.
  4. Sanitization: None; external content is formatted directly for agent consumption.
- Privilege Escalation (HIGH): Path Traversal vulnerability in file persistence (Category 5). The script constructs file paths using the project-name and page arguments provided via command line. The sanitization method only replaces spaces with dashes, failing to block traversal sequences like '../' or absolute paths, allowing an attacker to write files to arbitrary locations.
  1. Evidence: project_slug and page_filename construction in scripts/search.py.
Recommendations
- AI detected serious security threats
Audit Metadata