Skills
skills/akikungz/vercel-agent-skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. This is a remote download of instructions. Since 'vercel-labs' is a trusted GitHub organization, the severity is downgraded per [TRUST-SCOPE-RULE].
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it fetches and executes instructions from a remote source.
  • Ingestion points: Remote Markdown file (command.md).
  • Boundary markers: Absent; the agent is instructed to directly 'Fetch fresh guidelines before each review' and 'Apply all rules'.
  • Capability inventory: File system read access (via user-provided files/patterns).
  • Sanitization: None; the agent consumes the remote instructions as authoritative.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:25 PM