web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches content from a remote URL (https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md). Per the [TRUST-SCOPE-RULE], this is downgraded to LOW because the source is a trusted GitHub organization (vercel-labs).
- PROMPT_INJECTION (MEDIUM): The skill exhibits an indirect prompt injection surface (Category 8). It fetches remote instructions and is told to 'Check against all rules in the fetched guidelines' and follow the 'output format instructions' within. This allows the remote source to influence agent behavior. Evidence:
  1. Ingestion point: command.md via WebFetch.
  2. Capability: Controls auditing logic and output structure.
  3. Sanitization: No sanitization of external content detected.
  4. Boundary markers: No delimiters or ignore-instructions markers present for the external data.
Audit Metadata