web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines from a trusted Vercel Labs repository via GitHub.
- [COMMAND_EXECUTION]: Uses the curl command to retrieve the guidelines file from the official upstream source if it is not found in the local references directory.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external guidelines from a remote source. Evidence:
  1. Ingestion points: Remote URL fetch in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: curl and file-read operations.
  4. Sanitization: Absent.
  The risk is mitigated as the source is a trusted organization.
Audit Metadata