ui-ux-pro-max
Audited by Socket on Feb 20, 2026
1 alert found:
Malware
[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

BENIGN: The skill fragment describes legitimate UI/UX design guidance capabilities, with design system generation workflows and domain-driven searches. There is no evidence of credential harvesting, hidden data exfiltration, or misused permissions. The footprint (read-only guidance, optional script usage) matches the stated purpose. Potential risks are minimal and revolve around the security of the referenced local scripts and any external domains those scripts may contact in actual usage. If those external calls exist in the real implementation, they should be reviewed separately for trust and data handling.

LLM verification: The README itself is benign documentation for a UI/UX skill, but it directs users to execute a bundled Python script whose implementation and network endpoints are not provided. That creates a moderate supply-chain risk: running the script could lead to arbitrary code execution, local data access, or network exfiltration. Prior to use, inspect the script, verify provenance (repo/checksum), and run it with limited privileges or in a sandbox. If the script is audited and only calls known, safe pub