web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines from Vercel Labs' official GitHub repository to serve as the rule set for auditing user files.
- [PROMPT_INJECTION]: The skill design includes an indirect prompt injection surface as it integrates untrusted data into its instruction set.
- Ingestion points: Reads external rules from a remote Markdown file (command.md) and processes the content of user-provided local files.
- Boundary markers: There are no defined boundary markers or explicit instructions to ignore potentially malicious commands embedded in the fetched guidelines or user code.
- Capability inventory: The skill is capable of reading local files provided by the user to perform design reviews.
- Sanitization: The skill lacks specified sanitization or validation logic for content retrieved from external or local sources before processing.
Audit Metadata