web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill retrieves rule definitions from
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. This URL belongs to a trusted organization (Vercel), minimizing the risk of malicious instruction fetching. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted user files and applies instructions to them.
- Ingestion points: Local files identified by the user-provided file-or-pattern argument.
- Boundary markers: None specified; the skill does not explicitly encapsulate file content to prevent instruction leakage.
- Capability inventory: The skill can read local filesystem data and fetch remote content.
- Sanitization: No sanitization of the audited file content is performed before processing.
Audit Metadata