web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (LOW): The skill fetches remote content from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. While fetching remote instructions is a risk, this finding is downgraded to LOW per the [TRUST-SCOPE-RULE] as the repository belongs to a trusted organization (Vercel).
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection by fetching external data and using it as instructions for processing user files.
  - Ingestion points: Fetched content from the GitHub URL is treated as the rule set.
  - Boundary markers: Absent. The instructions do not specify delimiters to separate fetched guidelines from potentially malicious content within them.
  - Capability inventory: File reading, text output formatting.
  - Sanitization: None detected; the agent is instructed to directly apply all rules from the fetched guidelines.