web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
- [PROMPT_INJECTION]: The skill contains deceptive metadata regarding its origin.
  - Evidence: The YAML metadata identifies the author as "vercel", which is inconsistent with the actual author "darraghh1". This discrepancy can mislead users into trusting the skill based on a false affiliation.
- [EXTERNAL_DOWNLOADS]: The skill fetches design guidelines and instructions from the "vercel-labs" organization on GitHub via a direct URL.
  - Note: This reference targets a well-known service and is documented here neutrally as part of the skill's core functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the lack of isolation between data sources and instructions.
  - Ingestion points: The skill retrieves rules from a remote GitHub file (command.md) and reads user-provided UI code files.
  - Boundary markers: There are no delimiters or instructions provided to ensure the agent disregards potentially malicious instructions embedded in the external content or the files being audited.
  - Capability inventory: The skill has the ability to read local files and perform network requests using WebFetch.
  - Sanitization: No sanitization, escaping, or validation steps are performed on the content fetched from the network or the local files before they are processed by the agent.
Audit Metadata