web-design-guidelines

[Skill Scanner] System prompt extraction attempt BENIGN: The skill’s stated purpose (UI guideline compliance checks) aligns with its capabilities (fetch rules, apply to files, output findings). No credentialing, suspicious data flows, or dangerous permissions are evident. The only external dependency is the guidelines source, which is typical for such a tool and does not introduce evident abuse vectors. LLM verification: The skill's stated purpose and workflow are coherent and align with a UI guideline review tool. However, the static analyzer flag indicating a system prompt extraction attempt in SKILL.md is suspicious and warrants closer inspection of prompt handling and disclosure logic. If the system prompt content can be accessed or exfiltrated, this could be a potential security risk. Overall, the tool appears benign in intent but requires remedial review of prompt access patterns to ensure no inadvertent l