Skills
skills/heymynameisrob/agent-config/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches instructions from a remote source at runtime.
  • Evidence: Source URL https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md in SKILL.md.
  • Trust Status: The organization vercel-labs is a Trusted External Source, which downgrades the risk associated with the external reference per [TRUST-SCOPE-RULE].
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it treats remote data as instructions.
  • Ingestion points: Untrusted content enters the agent context from the external command.md file via WebFetch.
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to prevent the fetched content from overriding behavior.
  • Capability inventory: The skill has the capability to read local files based on user-provided patterns.
  • Sanitization: None detected; the skill explicitly directs the agent to "Apply all rules from the fetched guidelines."
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:49 PM