Question 1

Is pbakaus/impeccable safe to install?

Accepted Answer

Oathe's behavioral security audit gives pbakaus/impeccable a trust score of 88/100 with a verdict of SAFE. 7 findings were detected. pbakaus/impeccable is a legitimate, open-source (Apache 2.0) AI frontend design skill with a coherent purpose matched by its implementation. No prompt injection, persona hijacking, hidden instructions, or external data exfiltration was detected. The primary elevated-risk surface is the live-browser mode, which injects a substantial JavaScript payload into the user's own web pages to capture DOM content and CSS state for AI-assisted design iteration — all traffic stays on localhost, but any sensitive data rendered in the page enters the AI context. The skill also installs file-editing hooks across every supported IDE harness simultaneously, giving it pre-edit execution authority in all detected environments.

Question 2

What security issues were found in pbakaus/impeccable?

Accepted Answer

7 findings were detected: MEDIUM — Browser-side script injection with broad DOM access; LOW — File-editing hooks installed across multiple IDE harnesses; LOW — Mandatory automatic script execution at session start; LOW — UPDATE_AVAILABLE directive triggers agent-initiated update prompts; INFO — DOM content capture scoped to localhost only; INFO — Network activity limited to GitHub during clone; INFO — All honeypot files intact.

Question 3

Should I install pbakaus/impeccable?

Accepted Answer

Based on Oathe's audit, the recommendation is: INSTALL_WITH_CAUTION. Trust score: 88/100.

Is `pbakaus/impeccable` safe?

Category Scores

Findings (7)

Is pbakaus/impeccable safe?

Category Scores

Findings (7)

Is `pbakaus/impeccable` safe?