web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves design guidelines from a well-known and trusted source: Vercel's official GitHub repository (raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md). This download is essential for the skill's stated purpose of auditing UI code.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive file access or unauthorized data exfiltration patterns were detected. The skill interacts with local UI component files (React, Vue, HTML, CSS) as part of its primary function.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from a remote URL to derive its auditing logic. However, since the source is a trusted organization, the risk is negligible. Evidence:
      1. Ingestion points: guidelines are fetched via WebFetch from the Vercel repository.
      2. Boundary markers: Not explicitly defined.
      3. Capability inventory: Read, Write, Grep, Glob, WebFetch.
      4. Sanitization: None documented.
  • [METADATA_POISONING]: There is a discrepancy between the provided author context (akillness) and the metadata author field (vercel). This is documented neutrally as a metadata inconsistency rather than a malicious attempt to deceive, given the skill's functionality aligns with Vercel's tools.
  • [PROMPT_INJECTION]: No malicious prompt injection patterns, bypasses, or safety guideline overrides were found in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 04:49 AM