web-design-guidelines

[Skill Scanner] System prompt extraction attempt The skill description appears purpose-aligned and coherent with its stated use: fetch live guidelines, apply to user-provided UI files, output results in a structured format. The primary security considerations relate to relying on an external guidelines source for rules (reproducibility and availability) but there is no indication of credential usage or data exfiltration. Overall, the footprint is proportionate to the stated goal, with manageable risks tied to external rule source stability. LLM verification: The skill itself is not directly malicious and aligns with its stated purpose of linting UI files against an external guideline. The main security concerns are operational: (1) runtime fetching of a remote guidelines document introduces supply-chain risk if the upstream repo is compromised or modified; (2) the skill allows reading arbitrary user-specified files without built-in restrictions, which could lead to accidental or malicious disclosure of sensitive files if the agent has broad filesyst