web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill retrieves a remote file from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md' to determine its rules.
      • Evidence: The [TRUST-SCOPE-RULE] applies as 'vercel-labs' is a trusted GitHub organization, downgrading this finding to LOW/INFO.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection because it executes logic defined in external data.
      • Ingestion points: Remote content fetched from 'command.md' via WebFetch.
      • Boundary markers: None; the agent is instructed to 'Apply all rules from the fetched guidelines' without validation.
      • Capability inventory: Reading local project files provided by the user.
      • Sanitization: Absent; the skill blindly adopts the instruction set and output format from the remote source.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:49 PM