UI/UX Design Review
Audited by Gen Agent Trust Hub on Feb 12, 2026
================================================================================
🟡 VERDICT: MEDIUM
This skill provides comprehensive UI/UX design review capabilities. The primary concern is the manual installation method which instructs users to clone a GitHub repository from an unverified source. While the current content appears benign, relying on an untrusted external source for installation introduces a supply chain risk. Additionally, as a skill designed to process user-provided content (designs, screenshots, text), there is an inherent risk of indirect prompt injection.
Total Findings: 3
🟡 MEDIUM Findings: • Unverifiable Dependency (git clone from untrusted GitHub)
- README.md, Line 40: git clone https://github.com/rknall/claude-skills
🔵 LOW Findings: • Unverifiable Dependency (npm install from trusted registry)
- testing-resources.md, Line 80: npm install -g pa11y • Unverifiable Dependency (npm install from trusted registry)
- testing-resources.md, Line 99: npm install --save-dev axe-core
ℹ️ INFO Findings: • Indirect Prompt Injection Risk
- SKILL.md: This skill processes user-provided content (designs, screenshots, text descriptions), making it susceptible to indirect prompt injection if malicious instructions are embedded within the user's input. • External References (trusted/reputable sources)
- testing-resources.md: Multiple URLs referencing well-known accessibility tools and resources (e.g., deque.com, webaim.org, developers.google.com, nvaccess.org, freedomscientific.com, apple.com, getstark.co, tpgi.com, colororacle.org, michelf.ca, browserstack.com, usertesting.com, maze.co, hotjar.com, fullstory.com, w3.org, a11yproject.com, dequeuniversity.com). These are informational references, not direct execution or downloads. • External References (trusted/reputable sources)
- wcag-checklist.md: Multiple URLs referencing WCAG guidelines and accessibility resources (e.g., w3.org, webaim.org, a11yproject.com, deque.com). These are informational references, not direct execution or downloads.
================================================================================