The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were identified. The skill is authored by 'inkeep' and correctly utilizes the 'inkeep' vendor resources and patterns.
[EXTERNAL_DOWNLOADS]: The skill downloads brand assets, 3D materials (matcaps), and logos from well-known and trusted sources including the official JSDelivr CDN, Iconify, and GitHub repositories. These operations are limited to the intended functionality of asset acquisition.
[COMMAND_EXECUTION]: Local scripts are used for legitimate development automations, such as launching a Figma Desktop plugin via macOS AppleScript (osascript) and bundling 3D scenes using the Bun runtime. These are standard practices for this type of design tooling.
[DATA_EXPOSURE]: While the skill manages several API keys (OpenAI, Google, Brandfetch, Quiver.ai), it handles them using recommended practices, such as environment variables and a setup script, without hardcoding any secrets.
[PROMPT_INJECTION]: Static detectors flagged instructional phrases regarding 'internal discipline' as concealment attempts. However, contextual analysis reveals these are benign role-play guidelines for the AI agent to maintain a specific professional persona and brand consistency, rather than attempts to bypass safety filters.

graphics