ui-ux-pro-max

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface. The script retrieves data from external CSV files and formats it for consumption by the AI agent without clear boundary delimiters.
    • Ingestion points: Search query argument and results returned from the search and search_stack functions in scripts/search.py.
    • Boundary markers: The format_output function uses standard Markdown headers but lacks explicit instructions for the agent to ignore potentially malicious content within the search results.
    • Capability inventory: The skill has the capability to write files to the local filesystem via the --persist and --page flags.
    • Sanitization: File path construction for the persistence feature only replaces spaces with dashes, which does not prevent path traversal if malicious strings like '../' are provided as project or page names.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:08 PM