Security risk report for @forgecat/anthropics_claude-plugins-official_frontend-design v0.0.4
Source Integrity
Low
Profile is attributed to Anthropic and references the official claude-plugins-official repository with a specific commit hash (cf62a6c).
Metadata (author, license, original repository) is consistent with a legitimate open-source project; no suspicious supply-chain indicators.
Agent Intent
Low
Content is purely instructional guidance on frontend design aesthetics and best practices; no prompt injection, role hijacking, or system-prompt leakage attempts.
No instructions to read credentials, exfiltrate data, install remote payloads, or hide/deny the skill's own instructions.
Guidance on design choices (typography, color, motion, layout) is legitimate creative direction, not poisoning — recommends avoiding generic patterns and making intentional aesthetic choices, which is standard design practice.
Details
Evidence
'Choose fonts that are beautiful, unique, and interesting. Avoid generic fonts like Arial and Inter'
'NEVER use generic AI-generated aesthetics like overused font families'
'Interpret creatively and make unexpected choices that feel genuinely designed for the context.'
Permissions
Low
No tools or hooks are declared in the profile; the skill is purely instructional guidance for the AI to follow when generating frontend code.
No file_write, shell, file_delete, or other high-risk operations are requested; the skill does not demand authority beyond providing design direction.
Details
Evidence
'(none declared)' in the tools section.
No MCP servers or tool definitions present.
MCP Risk
Low
No MCP servers are defined in the profile.
No hidden instructions, arbitrary binary execution, or unrestricted network/filesystem access is present.