Skills
skills/akillness/skills-template/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches configuration and design rule sets from Vercel's official GitHub repository (vercel-labs/web-interface-guidelines). This targets a well-known and trusted organization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves instructions from a remote URL and incorporates them into its reasoning process.
  • Ingestion points: The skill uses WebFetch to ingest guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
  • Boundary markers: There are no delimiters or explicit instructions to the agent to treat the fetched content as data rather than instructions.
  • Capability inventory: The skill has permissions to read local source code files including React, Vue, HTML, and CSS files.
  • Sanitization: No validation or sanitization is performed on the fetched markdown content before it is applied to the user's files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 12:44 PM