ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands with elevated privileges, specifically
sudo apt update && sudo apt install python3, which grants administrative access to the host system. - [EXTERNAL_DOWNLOADS]: The skill encourages the installation of external software (Python 3) using system package managers like
apt,brew, andwingetto fulfill its prerequisites. - [COMMAND_EXECUTION]: The core functionality of the skill relies on executing a local Python script,
search.py, to process user queries and manage design data. - [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by capturing untrusted user input via queries and persisting the results into Markdown files (e.g.,
design-system/MASTER.md). These files are subsequently used as authoritative context for the agent's code generation tasks. - Ingestion points: User-supplied design queries passed as arguments to the
search.pyscript. - Boundary markers: The instructions do not define delimiters or warnings to the agent to distinguish between system rules and user-generated content in the persisted files.
- Capability inventory: The skill uses the
search.pyscript to perform file writing and search operations across the local filesystem. - Sanitization: There is no mention of input validation, escaping, or filtering for the user-provided queries before they are written to the persistent design documents.
Recommendations
- AI detected serious security threats
Audit Metadata