web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches design guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Per the Trusted External Sources rule, since vercel-labs is a trusted organization, this remote reference is downgraded to LOW.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill ingests guidelines from an external source and applies them to user-provided code.
  1. Ingestion points: External GitHub URL and user-specified code files via the file-or-pattern argument.
  2. Boundary markers: Absent; the skill does not explicitly delimit or warn the agent about potential instructions embedded in the processed files.
  3. Capability inventory: Network reading (WebFetch) and local file reading.
  4. Sanitization: No sanitization or escaping of the external content or code files is performed before processing.
Audit Metadata