Skills
skills/nhqvu2005/vibegravitykit/ui-ux-pro-max/Gen Agent Trust Hub

ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Path Traversal vulnerability in design system persistence. The persist_design_system function in scripts/design_system.py constructs file system paths using the user-provided project_name and page arguments. These arguments are processed using only a basic replace(' ', '-') and are not sanitized for traversal sequences such as ../. This allows an attacker or malicious prompt to cause the skill to create directories and write files (including MASTER.md and tailwind.config.js) to arbitrary locations on the host system relative to the working directory.
  • [COMMAND_EXECUTION]: Unauthorized file overwrite risk. The skill has the capability to write a tailwind.config.js file to the disk. By combining this with the path traversal vulnerability, the skill could be used to overwrite critical project configuration files in a user's workspace, potentially leading to unauthorized changes in project build behavior or settings.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 04:07 AM
Security Audit — agent-trust-hub — ui-ux-pro-max