web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines from Vercel Labs' official GitHub repository at raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. This resource provides the rules and formatting instructions for the agent's audit.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and follows instructions from an external URL and local user-provided code.
  - Ingestion points: SKILL.md specifies fetching instructions from a GitHub URL and reading files matching user patterns.
  - Boundary markers: None present. There are no delimiters or instructions telling the agent to ignore prompt injection attempts within the fetched guidelines or user files.
  - Capability inventory: The skill utilizes file reading and network fetching tools.
  - Sanitization: No sanitization or validation of the fetched content is performed before the agent treats it as executable instructions.
Audit Metadata