Skills
NYC
skills/fluid-tools/claude-skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill is configured to fetch a remote markdown file from GitHub to define its logic and output format at runtime.
  • Evidence: Fetching from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
  • Trust Status: The organization vercel-labs is a trusted source. Per [TRUST-SCOPE-RULE], the severity of the remote fetch is downgraded to LOW.
  • PROMPT_INJECTION (LOW): There is a potential for indirect prompt injection as the agent ingests both remote instructions and untrusted local UI code files.
  • Ingestion points: Fetched command.md file and user-specified local files.
  • Boundary markers: Not specified in the skill description; the agent relies on its own ability to distinguish between instructions and data.
  • Capability inventory: Network read (WebFetch) and local file read access.
  • Sanitization: No explicit sanitization or escaping of the fetched content or user files is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:05 PM