web-design-guidelines
Audited by Socket on Feb 16, 2026
1 alert found:
Anomaly [Skill Scanner] System prompt extraction attempt

The skill is consistent with its stated purpose: fetch public guidelines and apply them to user-supplied files. The only notable supply-chain consideration is the live fetch of the guideline file from raw.githubusercontent.com — a reasonable approach for always-fresh rules but it introduces a dependency on that remote content's integrity. No indicators of credential harvesting, obfuscated malware, command execution, or unexpected data exfiltration were found in this manifest.

LLM verification: The skill itself is not directly malicious and aligns with its stated purpose of linting UI files against an external guideline. The main security concerns are operational: (1) runtime fetching of a remote guidelines document introduces supply-chain risk if the upstream repo is compromised or modified; (2) the skill allows reading arbitrary user-specified files without built-in restrictions, which could lead to accidental or malicious disclosure of sensitive files if the agent has broad filesyst