ui-ux-pro-max

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: A comprehensive security analysis of the skill's instructions, metadata, and scripts revealed no malicious patterns or security vulnerabilities.
  • [COMMAND_EXECUTION]: The skill provides a Python runner script (scripts/run.py) intended for the user to execute. The script's logic is limited to parsing parameters, handling API authentication via environment variables, and facilitating HTTPS requests to the service provider.
  • [EXTERNAL_DOWNLOADS]: The runner script attempts to import the certifi Python package to ensure secure SSL/TLS communication with the API. This is an industry-standard practice and represents a safe dependency.
  • [DATA_EXFILTRATION]: The skill collects user inputs (text, files, and URLs) and transmits them to the author's specified service at ai-skills.ai. This behavior is transparent, consistent with the skill's stated purpose, and does not involve unauthorized access to local sensitive files or credentials.
  • [PROMPT_INJECTION]: The skill ingests untrusted content through various parameters, which constitutes a surface for indirect prompt injection.
  • Ingestion points: Data enters through materialText, materialFile, and materialUrl fields defined in references/form-schema.json.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the provided files.
  • Capability inventory: The skill's primary capability is transmitting data to an external API; it does not have local filesystem write access or shell execution capabilities beyond the runner script itself.
  • Sanitization: No input sanitization or filtering logic was observed in the runner script, indicating reliance on downstream API guardrails.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ui-ux-pro-max