web-design-guidelines
Audited by Socket on Feb 15, 2026
1 alert found:
Anomaly [Skill Scanner]: System prompt extraction attempt

The skill concept is internally consistent: it fetches public guidelines, analyzes user-provided UI files, and reports findings in the expected format. There are no credential requirements, no suspicious data flows beyond local file access and a public guideline fetch, and no obfuscation. The design is proportionate to its stated purpose and aligns with typical software-audit tooling.

LLM verification: The skill itself is not directly malicious and aligns with its stated purpose of linting UI files against an external guideline. The main security concerns are operational: (1) runtime fetching of a remote guidelines document introduces supply-chain risk if the upstream repo is compromised or modified; (2) the skill allows reading arbitrary user-specified files without built-in restrictions, which could lead to accidental or malicious disclosure of sensitive files if the agent has broad filesyst