The Agent Skills Directory

[SAFE]: The skill is focused on design consultation and UI/UX best practices. Its operations are transparent and aligned with its stated purpose of assisting in product design and review.
[DATA_EXPOSURE]: The instructions direct the agent to read local project configuration files (such as tailwind.config, package.json, and CSS files) to understand the existing design tokens and framework. This is a standard and necessary function for a developer-centric design assistant to provide contextually relevant advice.
[EXTERNAL_DOWNLOADS]: The design-preview-template.html file includes references to Google Fonts (fonts.googleapis.com) to render typography in design previews. This targets a well-known service for legitimate design purposes and does not pose a security risk.
[COMMAND_EXECUTION]: The skill recommends using the open command to display generated HTML mockups (stored in /tmp/) to the user. This is a common developer workflow and does not involve privileged execution or suspicious parameters.
[INDIRECT_PROMPT_INJECTION]: The skill processes project source code and styling files as untrusted data to inform its recommendations. It uses this information as context for design analysis rather than as a source of executable instructions, maintaining a low risk profile for this category.

oiloil-ui-ux-guide