web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches configuration and guidelines from Vercel Labs' official GitHub repository.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from both external URLs and user-provided files without adequate protection.
    • Ingestion points: Content is retrieved from a remote markdown file and local files specified by the user.
    • Boundary markers: No delimiters or protective instructions are used to separate user data from the agent's core instructions.
    • Capability inventory: The skill utilizes file reading capabilities and the 'WebFetch' tool to retrieve remote data.
    • Sanitization: No evidence of input validation, content escaping, or sanitization is present in the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 03:17 AM