ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a local database for UI/UX best practices, using Python to facilitate searching across several design domains.
- [COMMAND_EXECUTION]: The skill includes Python scripts (
scripts/search.py,scripts/core.py,scripts/design_system.py) intended for execution by the agent. These scripts were audited and found to contain only benign logic for text search (BM25) and local CSV file processing. They do not access sensitive system paths or perform network requests. - [EXTERNAL_DOWNLOADS]: The data files (
data/typography.csv) contain URLs for Google Fonts, and various stack files (e.g.,data/stacks/nextjs.csv) link to official framework documentation. These are well-known, trusted sources and are used solely for user reference. - [DATA_EXFILTRATION]: No network-related Python modules (such as
requests,urllib, orsocket) are imported in the scripts. The skill does not attempt to read sensitive files or exfiltrate data. - [PROMPT_INJECTION]: The instructions in
SKILL.mdprovide structured workflows for generating design systems. There are no attempts to override system prompts, bypass safety filters, or extract sensitive model information. - [PRIVILEGE_ESCALATION]: Setup instructions in
SKILL.mdinclude standard package manager commands (e.g.,sudo apt install python3) for environment preparation. These are benign, user-facing instructions and do not represent a privilege escalation vulnerability.
Audit Metadata