web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches content from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. While fetching remote instructions is a potential risk vector, the source is a verified trusted organization (vercel-labs), resulting in a downgrade to LOW per the [TRUST-SCOPE-RULE].
  • PROMPT_INJECTION (LOW): The skill uses WebFetch to retrieve a Markdown file containing 'rules and output format instructions' that guide the agent's behavior. This represents an Indirect Prompt Injection surface (Category 8).
  • Ingestion points: Remote URL (guidelines) and local filesystem (user UI code).
  • Boundary markers: None specified in the skill definition to isolate the fetched guidelines from the agent's core instructions.
  • Capability inventory: Reading local files, fetching web content, and generating text reports.
  • Sanitization: No explicit sanitization of the fetched guidelines is performed. However, as the source is trusted and the skill's capabilities are limited to 'display only' (producing a report), the severity is low.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 01:22 PM