ui-orchestrator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill prompts users to install and run code from untrusted external sources. Evidence: 'npx skills add ibelick/ui-skills' and 'npx skills add https://github.com/avdlee/swiftui-agent-skill'.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill recommends 'npm install -g uipro-cli && uipro init --ai claude', which involves globally installing an unverified package and immediately executing a binary from it.
- [COMMAND_EXECUTION] (MEDIUM): The skill includes shell scripts to scan the user's local filesystem (e.g., ~/.claude/skills) for installed components.
- [EXTERNAL_DOWNLOADS] (LOW): Recommends 'anthropics/skills', which is a recognized trusted source under the [TRUST-SCOPE-RULE], though this does not mitigate the risks from the other untrusted recommendations.
Recommendations
- AI detected serious security threats
Audit Metadata