web-design-guidelines

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches content from "https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md" at runtime.
      * Evidence: The "Guidelines Source" section explicitly requires fetching this file using WebFetch.
      * Trust Evaluation: The domain and organization "vercel-labs" are on the Trusted GitHub Organizations list, which downgrades this finding to LOW per [TRUST-SCOPE-RULE].
  • [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its dependency on remote instructions.
      * Ingestion points: Remote markdown file "command.md" from GitHub.
      * Boundary markers: Absent. There are no instructions to the agent to treat the fetched content only as data or to ignore embedded commands.
      * Capability inventory: The skill has the ability to read local files ("Read the specified files") and control output formatting.
      * Sanitization: Absent.
      * Impact: A compromise of the remote repository could allow an attacker to inject instructions that exfiltrate file contents or deceive the user.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 17, 2026, 08:07 AM