Skills
skills/dokhacgiakhoa/antigravity-lab/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is instructed to apply rules fetched from an external URL to user-provided files.
  • Ingestion points: Guidelines fetched from vercel-labs/web-interface-guidelines and local UI source files (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: File reading and network fetching (SKILL.md).
  • Sanitization: No sanitization of external content is performed.
  • [PROMPT_INJECTION]: Deceptive metadata identified in the skill's frontmatter. The author field is set to 'vercel', while the actual author is 'dokhacgiakhoa'. This impersonation may mislead users regarding the skill's origin and safety.
  • [EXTERNAL_DOWNLOADS]: Fetches design guidelines from the Vercel Labs GitHub repository.
  • [NO_CODE]: The skill provides instructions but does not include any executable code or scripts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 05:53 PM