web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches design guidelines and instructions from the Vercel Labs official GitHub repository. This reference is to a well-known, trusted organization and is documented neutrally.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by fetching instructions at runtime.
      1. Ingestion points: Remote content from the 'command.md' URL is ingested via WebFetch.
      2. Boundary markers: The skill does not provide markers to delimit the fetched instructions from its own logic.
      3. Capability inventory: The agent reads local files and formats output based on instructions found in the remote file.
      4. Sanitization: No validation or sanitization is performed on the remote instructions before they are followed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 06:39 AM