ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow involves the execution of a local Python script (`search.py`) to search through design domains and generate recommendations. Evidence is found in `step-2-generate-design-system-required.md` and `step-4-stack-guidelines.md`.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted user input (product type, industry, keywords) directly into shell command arguments for the search script.
  - Ingestion points: User requirements extracted during Step 1 are passed to the search script in Step 2.
  - Boundary markers: None present. Input is enclosed in double quotes but not escaped, making it vulnerable to command injection (e.g., via backticks or semicolons).
  - Capability inventory: Shell execution of a Python script with variable arguments.
  - Sanitization: No evidence of sanitization or validation of the user-provided strings before interpolation.
- [COMMAND_EXECUTION]: The skill provides explicit instructions for the user or agent to perform software installations using administrative or elevated privileges (e.g., `sudo apt install python3`). This is documented in `sub-skills/8-charts-data-low.md` as part of the environment prerequisites.
Audit Metadata