web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the latest web interface guidelines from Vercel Labs' public GitHub repository (raw.githubusercontent.com/vercel-labs/web-interface-guidelines). This is an established and well-known service used for retrieving configuration data.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from local source files and external websites provided by the user. There is a theoretical risk that these files or sites could contain hidden instructions aimed at influencing the agent's behavior during the review process.
  - Ingestion points: Local code files (Step 2.2) and user-provided URLs (Step 3.2).
  - Boundary markers: None specified in the instructions.
  - Capability inventory: The agent has file read/write access (Step 4) and network/browser access (Step 3).
  - Sanitization: No explicit sanitization of input data is described.
  - Mitigation: Users should ensure they trust the source code and URLs being analyzed.