Skills
skills/douglance/stdb-skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's internal metadata identifies the author as 'vercel', which contradicts the platform's attribution to 'douglance'. This misleading attribution can cause users to misjudge the trustworthiness and safety of the skill.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by fetching 'rules' from a remote markdown file and applying them to local files.
  • Ingestion points: guidelines fetched from 'vercel-labs' GitHub repository and local user files (SKILL.md).
  • Boundary markers: Absent. The skill instructions do not provide delimiters or warnings to ignore embedded instructions in the fetched content or analyzed files.
  • Capability inventory: Uses file read capabilities to access local UI code and 'WebFetch' for network operations.
  • Sanitization: Absent. The skill does not describe any validation or filtering of the remote guidelines or local file content.
  • [EXTERNAL_DOWNLOADS]: Fetches design guidelines and behavioral instructions from Vercel Labs' official GitHub repository to use as the audit standard.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 10, 2026, 07:47 PM