The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (LOW): The skill is designed to fetch remote content from a GitHub repository owned by Vercel. Evidence: The 'Guidelines Source' section specifies a URL under the 'vercel-labs' organization. Trust Scope: 'vercel-labs' is a recognized Trusted GitHub Organization, which downgrades the severity of the remote fetch finding to LOW.- [PROMPT_INJECTION] (LOW): The skill utilizes an 'Indirect Prompt Injection' pattern by instructing the agent to follow rules and formatting instructions contained within the fetched remote file. Ingestion Point: content of 'command.md' via WebFetch. Boundary Markers: None defined in the skill instructions. Capability Inventory: Permission to read user-specified files and generate formatted output. Sanitization: None. Risk Assessment: Although this creates a surface for instruction injection, the reliance on a trusted source (Vercel) significantly mitigates the likelihood of malicious instructions being introduced.

web-design-guidelines