web-design-guidelines
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches a guidelines file from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. While downloading content to influence behavior is risky, the severity is downgraded to LOW per [TRUST-SCOPE-RULE] because the vercel-labs organization is on the trusted source list.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its dependency on remote instructions.
  - Ingestion points: Remote markdown content fetched via URL (command.md).
  - Boundary markers: Absent. The instructions from the fetched file are merged into the agent's task context without any delimiters or warnings to ignore embedded commands.
  - Capability inventory: The skill possesses the ability to read local files ("Read the specified files") and perform web requests, creating a high-risk path for data exfiltration if the fetched instructions are malicious.
  - Sanitization: Absent. The agent is explicitly commanded to "Apply all rules from the fetched guidelines" without any validation or filtering of the external content.
Recommendations
- AI detected serious security threats
Audit Metadata