ux-extract

SUSPICIOUS: the skill is broadly aligned with UX research, but it grants an agent expansive autonomous browser access to third-party sites, including authenticated sessions, and processes untrusted web content while writing local artifacts. No attacker endpoint, credential harvesting flow, or malicious installer appears here; the main risks are over-collection, session-scoped data exposure, and prompt-injection through external web content.