web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves design rule definitions and output formatting instructions from Vercel's official GitHub repository (vercel-labs/web-interface-guidelines).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by fetching and following instructions from an external URL to guide its analysis. 1. Ingestion points: Content is retrieved from github.com/vercel-labs via WebFetch. 2. Boundary markers: No explicit delimiters are used to isolate the fetched guidelines from the agent's core instructions. 3. Capability inventory: The agent performs file read operations and generates text output based on the external guidelines. 4. Sanitization: No validation or filtering is performed on the fetched content before processing.
Audit Metadata