ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell command execution for search functionality and environment preparation.
  - Documentation in `SKILL.md` directs the user or agent to install the Python 3 runtime using standard tools such as Homebrew, APT, or Winget.
  - The core search functionality is invoked by running the provided local Python CLI tools (`scripts/search.py`).
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where untrusted user input interacts with file system capabilities.
  - Ingestion points: User queries are ingested as arguments for the BM25 search engine in `scripts/search.py`.
  - Boundary markers: Search results are presented to the agent as formatted markdown text without specific isolation delimiters.
  - Capability inventory: The logic in `scripts/design_system.py` allows for directory creation and file writes to the `design-system/` path to persist generated design guidelines.
  - Sanitization: Input strings are tokenized into words for indexing, which provides a level of structural constraint but does not specifically sanitize against LLM instruction hijacking.
Audit Metadata