web-design-guidelines

The skill correctly documents a useful UI-guideline linter, but its design embeds a supply-chain risk: it fetches authoritative rules from raw.githubusercontent.com on every run without integrity verification, pinned versions, or constraints on how fetched instructions can influence agent behavior. Direct malicious code was not found in the provided fragment and no hard-coded credentials are present; however, an attacker who modifies the remote guidelines could cause data leakage or coerce the agent into unsafe actions. Recommended mitigations: pin to a commit hash or include signed rule files, implement integrity checking (checksums or signatures), cache a vetted fallback guideline set, and explicitly forbid fetched rules from instructing network exfiltration or execution of arbitrary commands. With those safeguards, the residual risk is substantially reduced.