web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- External Downloads (LOW): The skill fetches dynamic guidelines from GitHub. Evidence: Instructions in SKILL.md specify fetching from vercel-labs. Trust Status: vercel-labs is a trusted organization, downgrading this finding per TRUST-SCOPE-RULE.
- Indirect Prompt Injection (LOW): The skill treats remote markdown as logic/instructions. Ingestion: Remote content fetched via WebFetch. Capability: Reading local files and displaying formatted output. Risk: Potential instruction override if the source is compromised. Severity: Low due to trusted source and display-only capabilities with no external write or execution side-effects.
Audit Metadata