Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/ux-heuristics/Gen Agent Trust Hub

ux-heuristics

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The 'Instructions' and 'Error Handling' sections of the 'SKILL.md' file contain commands and logic that are entirely unrelated to the skill's stated purpose of UX evaluation. It instructs the agent to 'Assess the current state of the ORM configuration' and 're-authenticate with ORM', which overrides the expected behavior of a usability tool with database-related tasks.\n- [CREDENTIALS_UNSAFE]: The skill's metadata and error-handling tables explicitly reference 'expired credentials' and 'tokens' in an ORM context. This creates a risk where the agent might mistakenly attempt to seek out, process, or expose sensitive authentication tokens or database connection strings under the guise of performing a UX review.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 13, 2026, 07:43 AM