web-design-guidelines

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill retrieves a guidelines file from a GitHub repository owned by vercel-labs. This is a trusted source, which qualifies for a severity downgrade of the download action itself.
  • [PROMPT_INJECTION] (MEDIUM): The skill treats fetched remote content as operational instructions (rules and output format instructions). This is an indirect prompt injection vulnerability surface where a compromise of the remote file could lead to the agent performing unauthorized actions.
      1. Ingestion points: Fetching from command.md at runtime in SKILL.md.
      2. Boundary markers: None detected to separate fetched instructions from system prompts.
      3. Capability inventory: Read access to local files specified by the user.
      4. Sanitization: No validation or filtering of the fetched content is performed before interpretation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 12:35 AM