Skills
skills/growthz/kgx-web/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches markdown content from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Per the [TRUST-SCOPE-RULE], this is downgraded to LOW because vercel-labs is a trusted GitHub organization.
  • PROMPT_INJECTION (LOW): The skill demonstrates an indirect prompt injection surface (Category 8) by fetching a remote file that defines rules and output formats for the agent to follow.
  • Ingestion points: Remote instructions fetched from the Vercel GitHub repository via WebFetch.
  • Boundary markers: Absent; the skill does not use delimiters to isolate the fetched instructions from the system prompt.
  • Capability inventory: The skill reads local user files and performs network fetches.
  • Sanitization: Absent; the content from the remote URL is applied directly to the agent's reasoning process.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:48 PM