web-design-guidelines

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill is configured to fetch remote content from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md using the WebFetch tool.
      • Evidence: Explicitly defined in the 'Guidelines Source' section of SKILL.md.
      • Trust Status: Downgraded to LOW/INFO per [TRUST-SCOPE-RULE] because the source belongs to a trusted organization (Vercel).
  • [PROMPT_INJECTION] (MEDIUM): The skill architecture treats fetched external content as authoritative instructions ('Apply all rules from the fetched guidelines'), which is the primary vector for Indirect Prompt Injection.
      • Ingestion points: Remote content from GitHub is ingested into the agent's context via the WebFetch tool.
      • Boundary markers: Absent. The skill does not instruct the agent to use XML tags or other delimiters to isolate the fetched rules from the agent's core instructions.
      • Capability inventory: The skill has the capability to read local files ('Read the specified files') and process their content based on the external rules.
      • Sanitization: Absent. The content of the remote file is not validated or filtered before being used to guide the agent's audit behavior.
      • Severity Assessment: Classified as MEDIUM because the capability is limited to reading files and providing reasoning/output, but the lack of boundary markers means a compromised guideline file could instruct the agent to ignore its primary task or misinterpret file contents.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 01:50 AM