web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches dynamic instructions from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md'. Because 'vercel-labs' is a designated trusted GitHub organization, this finding is downgraded from MEDIUM to LOW.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted local files. 1. Ingestion points: User-specified files/patterns in SKILL.md. 2. Boundary markers: Not specified. 3. Capability inventory: File reading and network fetching via WebFetch. 4. Sanitization: No sanitization logic described.
Audit Metadata