web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines and rule definitions from Vercel Labs' official GitHub repository to provide runtime instructions for UI auditing.
- [DATA_EXFILTRATION]: Accesses local UI source code files to perform the requested audit; this file access is restricted to the scope of the review task.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted content from both external URLs and local files to drive its reasoning engine.
- Ingestion points: Remote guidelines URL (SKILL.md) and user-specified UI code files.
- Boundary markers: None explicitly defined to separate instructions from data.
- Capability inventory: File system read access and network fetching (WebFetch).
- Sanitization: No validation or sanitization is performed on the fetched guidelines or target code files before processing.
Audit Metadata