web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches instructions from a remote URL. Because the source organization (vercel-labs) is in the trusted list, this finding is downgraded. Evidence: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by fetching external content and applying it as rules for its logic. 1. Ingestion points: Remote command.md file. 2. Boundary markers: Absent; fetched content is applied directly. 3. Capability inventory: File system read access. 4. Sanitization: None detected in the skill instructions.
Audit Metadata