design-web-guidelines

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [External Downloads] (LOW): The skill fetches content from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Per the [TRUST-SCOPE-RULE], this finding is downgraded to LOW because vercel-labs is a recognized trusted organization.
  • [Indirect Prompt Injection] (MEDIUM): The skill exhibits a high-risk pattern by delegating its logic and output instructions to a remote file.
      ◦ Ingestion points: Instructions are ingested from an external URL (command.md), and data is ingested from user-provided files.
      ◦ Boundary markers: None identified; the skill explicitly directs the agent to 'Apply all rules from the fetched guidelines' and to use the 'format specified in the guidelines'.
      ◦ Capability inventory: The skill uses WebFetch for network access and reads arbitrary user-specified files.
      ◦ Sanitization: The remote content is not validated or sanitized before it is adopted as instructions for the agent's reasoning process.
  • [Adversarial Reasoning] (MEDIUM): Because a remote markdown file is allowed to define the 'rules and output format', an attacker who compromises the repository or the network path could redirect the agent to exfiltrate file contents or ignore safety guidelines under the guise of 'best practices'.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:42 AM