Skills
skills/clawdioioioioio/skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches its operating rules and output formatting instructions from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md at runtime. Because the source belongs to a trusted GitHub organization (vercel-labs), the severity is downgraded to LOW per trust-scope rules.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect injection surface by ingesting external code files and remote instructions to guide its behavior.
  • Ingestion points: command.md (remote) and user-provided UI source files.
  • Boundary markers: None specified in the instructions to delimit user data from rules.
  • Capability inventory: Limited to reading local files (Read specified files) and generating formatted text output.
  • Sanitization: None detected for the fetched guidelines or the audited code.
  • [COMMAND_EXECUTION] (SAFE): No arbitrary shell command execution or subprocess spawning was identified in the logic.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 08:17 AM