web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches a remote Markdown file (command.md) from vercel-labs/web-interface-guidelines. Per the [TRUST-SCOPE-RULE], this is rated LOW as the organization is on the trusted list.
  • PROMPT_INJECTION (LOW): The skill implements an indirect prompt injection surface (Category 8). It retrieves instructions ("rules and output format instructions") from an external URL and applies them directly to the agent's logic.
    • Ingestion points: SKILL.md triggers a WebFetch of the guidelines URL.
    • Boundary markers: Absent; the agent is directed to follow the fetched content without delimiters.
    • Capability inventory: Reading local files (specified by user) and generating formatted output.
    • Sanitization: Absent; the skill relies entirely on the integrity of the remote GitHub content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:39 PM