web-design-guidelines
Fail
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits deceptive metadata by claiming to be authored by 'vercel', a well-known trusted organization. This impersonation is a high-risk deceptive practice intended to mislead users or automated systems into trusting the skill instructions based on a false origin.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use 'WebFetch' to retrieve rules from a 'source URL above' that is absent from the file. This creates a phantom dependency where the agent may attempt to fetch instructions from untrusted external sources provided in the conversation context or user input.
- [DATA_EXFILTRATION]: The skill architecture creates a high-risk surface for indirect prompt injection by combining the retrieval of instructions from an unspecified external source with the capability to read local user files. Ingestion points: external guidelines via WebFetch. Capability inventory: file system access and web fetching. Boundary markers: none. Sanitization: none. This design allows an attacker who controls the external source to provide 'rules' that instruct the agent to exfiltrate the contents of the local files it was instructed to review.
Recommendations
- AI detected serious security threats
Audit Metadata