ui-ux-pro-max

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's installation documentation includes instructions for administrative commands (sudo) to install system dependencies, which poses a privilege escalation risk if executed by the agent.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions to use external package managers such as Homebrew, APT, and Winget to download and install software dependencies.
  • [COMMAND_EXECUTION]: The primary function of the skill involves the execution of a local Python script (scripts/search.py) to access and retrieve information from the provided CSV database.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as user-supplied queries are used to fetch and return content that includes implementation code snippets. Evidence Chain:
      • Ingestion: query parameter in scripts/search.py
      • Boundary markers: Absent
      • Capabilities: Local script execution
      • Sanitization: Regex-based punctuation removal in core.py
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 04:43 PM