web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines and output formatting rules from the Vercel Labs GitHub repository.
- [PROMPT_INJECTION]: Metadata indicates the author is "vercel", which is inconsistent with the provided author context.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by dynamically ingesting and following instructions from a remote source.
  - Ingestion points: Fetches content from a raw GitHub URL in SKILL.md to define its operational logic.
  - Boundary markers: No delimiters or instructions are used to separate the fetched guidelines from the agent's core safety constraints.
  - Capability inventory: Includes file system read access for user-defined files and network read access via WebFetch.
  - Sanitization: The skill does not perform validation or escaping of the remote instructions before they are applied to the local context.