web-design-guidelines

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md (Step 2.1) explicitly instructs the agent to fetch live guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md and use that fetched content (including output-format instructions) to drive checks and outputs, which lets arbitrary third-party content materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runtime explicitly fetches guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md, and the fetched document is described as containing the rules and output format instructions that directly control the agent's prompts and behavior, making it a required remote dependency.