web-design-guidelines

[Skill Scanner] System prompt extraction attempt BENIGN to SUSPICIOUS: The skill is consistent with its stated purpose and does not request credentials or perform dangerous actions. The dynamic fetch of external guidelines is acceptable for a guidelines-based reviewer, but the lack of explicit integrity checks for the fetched content introduces a minor risk surface. If the implementation validates the remote guidelines (e.g., via HTTPS, checksums, signatures) and handles fetch errors gracefully, the overall risk remains benign. Given the current snippet, classify as suspicious rather than clearly benign due to the external dependency without integrity guarantees, but not malicious. LLM verification: The skill's stated purpose and workflow are coherent and align with a UI guideline review tool. However, the static analyzer flag indicating a system prompt extraction attempt in SKILL.md is suspicious and warrants closer inspection of prompt handling and disclosure logic. If the system prompt content can be accessed or exfiltrated, this could be a potential security risk. Overall, the tool appears benign in intent but requires remedial review of prompt access patterns to ensure no inadvertent l