
ui-ux-pro-max

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  • Ingestion points: The skill accepts user-supplied project names and page names via the CLI arguments in scripts/search.py and scripts/design_system.py, which are used to generate documentation.
  • Boundary markers: The generated markdown files (MASTER.md and page-specific overrides) lack clear delimiters or "ignore embedded instructions" warnings for the user-influenced fields.
  • Capability inventory: The skill has the capability to write these files to the local file system (scripts/design_system.py) and specifically instructs the agent in SKILL.md to read these persisted files and "strictly follow" or "prioritize" the rules within them for subsequent code generation tasks.
  • Sanitization: While the skill tokenizes search queries, it does not sanitize the project or page names used in file creation, creating a surface where malicious instructions could be persisted and later executed by the agent. This is a classic indirect prompt injection vector where data processed in one session influences the agent's behavior in another.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 02:12 PM
Security Audit — agent-trust-hub — ui-ux-pro-max