web-design-guidelines

SUSPICIOUS: the skill’s purpose is coherent, but it delegates its actual review rules to live remote markdown fetched from a mutable GitHub raw URL each run. That creates a meaningful indirect prompt-injection and trust risk even without clear credential theft or malware behavior.