web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. This is a trusted resource maintained by Vercel Labs. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes both external guidelines and user-controlled files to generate its output.
- Ingestion points: External guidelines via URL fetch and local files specified by the user as described in
SKILL.md. - Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded commands within the fetched or read content.
- Capability inventory: The skill performs file read operations and network GET requests (WebFetch); it does not appear to have write access or arbitrary command execution capabilities.
- Sanitization: Absent; there is no evidence of validation or filtering for the external content before it is processed by the agent.
Audit Metadata