Security risk report for @forgecat/anthropics_skills_frontend-design v0.0.4
Source Integrity
Low
Profile is attributed to Anthropic with a public GitHub repository (nota-america/forgecat-agent-profiles) and original commit hash provided.
No suspicious external URLs, typosquatted dependencies, or supply-chain red flags detected.
Agent Intent
Low
Content is a legitimate frontend design skill guide with no prompt injection, role hijacking, or instructions to read/exfiltrate credentials.
No guidance poisoning: recommendations for distinctive typography, color schemes, and layout patterns are standard design best practices, not malicious knowledge injection.
No system prompt leakage instructions; no directives to reveal hidden instructions, tool definitions, or conversation memory.
Details
Evidence
Entire content focuses on design methodology: 'understand the context and commit to a BOLD aesthetic direction'
Typography guidance recommends 'distinctive choices' and avoiding 'generic fonts'—standard design advice, not security-weakening or attacker-serving
No external URL fetching, credential reading, or exfiltration instructions present
Permissions
Low
No tools or skills are declared in the profile; no file_write, shell, web_fetch, or other high/medium-risk categories requested.
The skill is purely instructional guidance for the AI to generate frontend code—it does not demand system-level authority.
Details
Evidence
Declared tools section is empty: '(none declared)'
MCP servers section is empty: '(none)'
Content is markdown documentation and design principles only
MCP Risk
Low
No MCP servers are defined in the profile.
No binary execution, network access, or filesystem operations are configured.