web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches UI guidelines and rule definitions from Vercel Labs' official GitHub repository.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it interprets instructions fetched from a remote URL and processes user-provided file content.
  1. Ingestion points: Fetches guidelines from raw.githubusercontent.com/vercel-labs and reads user-specified local files.
  2. Boundary markers: None present in the skill instructions.
  3. Capability inventory: Performs network GET requests via WebFetch and reads local file system content.
  4. Sanitization: No sanitization or validation of the fetched instruction set or file content is performed before execution.
Audit Metadata