ui-ux-design
Warn
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill contains instructions for high-privilege system operations, including
sudo apt install python3on Linux systems. - [COMMAND_EXECUTION]: The agent is instructed to execute a local script (
search.py) with keywords extracted from user requests, which could enable command injection if inputs are not properly sanitized before execution. - [REMOTE_CODE_EXECUTION]: The metadata includes an installation step that uses
curlto download skill content from a remote repository. - [EXTERNAL_DOWNLOADS]: The skill downloads its definition and potentially other scripts from a remote GitHub repository (
majiayu000/claude-skill-registry) that is not a verified official source for the stated author. - [COMMAND_EXECUTION]: The skill references a local Python script (
.claude/skills/ui-ux-design/scripts/search.py) whose source code is not provided in the analysis package, making its behavior unverifiable.
Audit Metadata