Oathe Security Badge

Is yigitkonur/skill-design-soul-saas safe?

https://github.com/yigitkonur/skill-design-soul-saas

92 · SAFE

This skill is a comprehensive design system extraction tool for analyzing SaaS dashboard codebases and creating pixel-perfect documentation. It contains extensive legitimate instructions but no executable code or malicious behavior. All security monitoring confirms benign operation with no data exfiltration or unauthorized access.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

MEDIUM Extensive Instructional Content -15

The skill contains very detailed and extensive instructions for design extraction processes, including agent spawning and multi-phase workflows. While these appear legitimate for the stated functionality, the sheer volume of instructions could potentially interfere with system prompts.

LOW Codebase File Access Requirements -10

The skill legitimately requires reading various codebase files (.md, .js, .ts, .css) for design system analysis. Monitoring confirmed no sensitive data exfiltration occurred.

LOW Clone Process Interruption -5

Git clone process failed due to existing directory, which is normal behavior. No suspicious network activity detected.

LOW Agent Coordination Complexity -10

The skill references spawning multiple specialized agents for design extraction tasks. While legitimate, this adds complexity that could be misused in combination with other skills.