web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches audit rules and formatting guidelines from the official Vercel Labs GitHub repository.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted user files alongside external instructions.
  - Ingestion points: Local source files identified by file-or-pattern and the guidelines source URL.
  - Boundary markers: None specified in the instructions.
  - Capability inventory: Local file system access and network operations via WebFetch.
  - Sanitization: No explicit validation or filtering of input file contents.
- [SAFE]: All external resources are retrieved from trusted vendors, and the skill's activities are strictly limited to its stated purpose of UI code auditing.
Audit Metadata