ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A comprehensive security analysis of the skill's instructions, metadata, and scripts revealed no malicious patterns or security vulnerabilities.
- [COMMAND_EXECUTION]: The skill provides a Python runner script (
scripts/run.py) intended for the user to execute. The script's logic is limited to parsing parameters, handling API authentication via environment variables, and facilitating HTTPS requests to the service provider. - [EXTERNAL_DOWNLOADS]: The runner script attempts to import the
certifiPython package to ensure secure SSL/TLS communication with the API. This is an industry-standard practice and represents a safe dependency. - [DATA_EXFILTRATION]: The skill collects user inputs (text, files, and URLs) and transmits them to the author's specified service at
ai-skills.ai. This behavior is transparent, consistent with the skill's stated purpose, and does not involve unauthorized access to local sensitive files or credentials. - [PROMPT_INJECTION]: The skill ingests untrusted content through various parameters, which constitutes a surface for indirect prompt injection.
- Ingestion points: Data enters through
materialText,materialFile, andmaterialUrlfields defined inreferences/form-schema.json. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the provided files.
- Capability inventory: The skill's primary capability is transmitting data to an external API; it does not have local filesystem write access or shell execution capabilities beyond the runner script itself.
- Sanitization: No input sanitization or filtering logic was observed in the runner script, indicating reliance on downstream API guardrails.
Audit Metadata