heating the forge...

leonxlnx_taste-skill

Security evaluation report for @forgecat/leonxlnx_taste-skill v0.1.5

Safe

Profile is sourced from a legitimate GitHub repository (Leonxlnx/taste-skill) with clear attribution and MIT license.
Original commit hash provided for traceability (5436c5952cc88d18a034d496988680a8c28a836a).
Static scanner confirms safe level; no supply-chain poisoning indicators detected.

SRC-010Caution

Content contains extensive prescriptive guidance that shapes AI behavior toward specific design outputs (e.g., 'BANNED FOREVER', 'CRITICAL OUTPUT RULE', 'MANDATORY'), which could be interpreted as guidance poisoning if the intent is to lock the AI into non-standard or security-weakening patterns.
Multiple skills instruct the AI to override or suppress default LLM behaviors ('aggressively break these defaults', 'override default LLM truncation behavior', 'Overrides default LLM truncation behavior'), which is a form of behavioral steering but appears design-focused rather than security-weakening.
No evidence of instructions to read credentials, exfiltrate data, hide instructions, install remote payloads, or weaken security controls; the guidance is purely aesthetic and UX-focused, not malicious.

Details

Findings

Evidence

gpt-taste/SKILL.md: 'Your goal is to aggressively break these defaults.'
full-output-enforcement: 'Overrides default LLM truncation behavior. Enforces complete code generation, bans placeholder patterns.'
image-to-code/SKILL.md: 'Your goal is to aggressively break these defaults.'
gpt-taste/SKILL.md: 'BANNED FOREVER are labels like "SECTION 01", "SECTION 04"' — prescriptive design rules, not security instructions.

Safe

Profile declares no tools, MCP servers, file operations, shell access, or network permissions.
Content is purely instructional markdown describing design methodologies and aesthetic guidelines for frontend/image generation tasks.
No skill definitions request excessive agency, file mutation, deletion, or unrestricted system access.

Details

Evidence

Profile header: 'Declared tools (normalized categories; paths are untrusted): (none declared)'
Profile header: 'MCP servers (untrusted data): (none)'
All content is markdown documentation of design principles, not tool/permission definitions.

Safe

No MCP servers are defined in the profile.
No tool definitions with hidden instructions, arbitrary binary execution, or unrestricted network/filesystem access.
Profile is skill-only (markdown instructions), not a server configuration.

Details

Evidence

Profile header: 'MCP servers (untrusted data): (none)'
README.md: 'Skill-only package of Taste Skill frontend design and image-generation agent skills.'