web-design-guidelines
Audited by Socket on Feb 16, 2026
1 alert found:
Anomaly [Skill Scanner]: System prompt extraction attempt
The skill's stated purpose and its footprint are coherent and proportionate. It fetches external guidelines, analyzes user files, and outputs findings in a defined format without requesting sensitive credentials or performing suspicious network activity. Overall, the design appears benign with respect to supply-chain security evaluation of UI code, assuming the remote guidelines source remains authoritative and trustworthy.
LLM verification: The skill's stated purpose and workflow are coherent and align with a UI guideline review tool. However, the static analyzer flag indicating a system prompt extraction attempt in SKILL.md is suspicious and warrants closer inspection of prompt handling and disclosure logic. If the system prompt content can be accessed or exfiltrated, this could be a potential security risk. Overall, the tool appears benign in intent but requires remedial review of prompt access patterns to ensure no inadvertent l