design-good
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using python3 to run scripts located at a specific path in the user's home directory ($HOME/.claude/skills/ui-ux-pro-max/scripts/search.py). This involves running local scripts with user-controlled parameters derived from the $ARGUMENTS variable.- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by interpolating untrusted user data into its task planning and command execution flow.
- Ingestion points: User input is accepted through the $ARGUMENTS placeholder and used to fill command-line arguments like and in SKILL.md.
- Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore or sanitize embedded commands within the user input.
- Capability inventory: The agent is granted the capability to execute shell commands (python3), perform file operations, and invoke specialized subagents such as ui-ux-designer, researcher, and ai-multimodal as described in SKILL.md.
- Sanitization: No input validation or escaping mechanisms are provided in the skill instructions to ensure that the user-supplied arguments do not contain malicious instructions or shell metacharacters.
Audit Metadata