web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill metadata contains deceptive author information, identifying the author as 'vercel' while the actual author provided is 'akillness'. This misrepresentation can lead to a false sense of trust in the skill's origin.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from user-provided files during the UI review process.
- Ingestion points: Processes user-provided source files such as React, Vue, Svelte, HTML, CSS, and JavaScript files.
- Boundary markers: No specific delimiters or instructions to ignore embedded prompts are implemented for the analyzed content.
- Capability inventory: The skill is capable of reading local file content and fetching guidelines from the web.
- Sanitization: Lacks evidence of input validation or sanitization for the analyzed file content before processing.
- [EXTERNAL_DOWNLOADS]: Fetches UI guidelines from Vercel Labs' official GitHub repository. This is a trusted source used for retrieving rule definitions as part of the skill's primary functionality.
Audit Metadata