open-design
Warn
Audited by Socket on Jun 17, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core Open Design workflow is broadly consistent with a local design-generation skill and uses a plausible same-org GitHub source, but the included transitive installation of a separate third-party skill repo is a significant trust-boundary expansion unrelated to the main install path. Risk is moderate rather than malicious because the primary behavior is coherent and there is no direct credential harvesting or exfiltration shown.
Confidence: 100%Severity: 60%
Audit Metadata