Skills
NYC
skills/connorads/dotfiles/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches a guideline file from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Under the [TRUST-SCOPE-RULE], this finding is downgraded to LOW because the organization vercel-labs is a trusted source.\n- [PROMPT_INJECTION] (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8) by fetching remote content to use as agent instructions.\n
  • Ingestion points: Remote content is fetched via WebFetch and used as the rule set for auditing.\n
  • Boundary markers: Absent. The skill does not define clear delimiters or instruct the agent to ignore embedded commands within the fetched content.\n
  • Capability inventory: The skill can read local files based on user-provided paths or patterns.\n
  • Sanitization: Absent. The fetched instructions are processed directly without validation or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:08 PM