Oathe Security Badge

Is nomideusz/simple-web-design safe?

https://github.com/nomideusz/simple-web-design

95
SAFE

This skill is a well-designed web design auditing tool based on Anthony Hobday's principles, with no executable code and strong security practices. The skill proactively includes prompt injection defenses and safe content handling guidelines, making it exemplary for security-conscious design.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW System processes accessed sensitive file paths during installation -8

Monitoring detected access to canary files (.env, SSH keys, AWS credentials) during the installation process. However, these accesses appear to be from system processes (sshd, sudo) during normal SSH session setup and git operations, not from the skill itself.

INFO Excellent security documentation and defenses 0

The skill includes a comprehensive 'Security: Prompt Injection Defense' section that explicitly addresses prompt injection risks, classifies external content as untrusted, and provides defensive guidelines for safe content analysis.