Skills
skills/dodatech/approved-skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches markdown instructions from a remote repository.
  • Evidence: Fetching from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md in SKILL.md.
  • Trust Status: The vercel-labs organization is a trusted source, downgrading this finding from MEDIUM to LOW.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest remote content that dictates its operational rules and output format, creating an attack surface.
  • Ingestion points: Guidelines fetched from a remote URL in SKILL.md.
  • Boundary markers: Absent; no specific delimiters or instructions to ignore embedded commands are present.
  • Capability inventory: Network access via WebFetch and local file read access to user-specified paths.
  • Sanitization: None; the skill is explicitly instructed to 'Apply all rules from the fetched guidelines'.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:35 PM