web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches design guidelines from a public repository hosted by Vercel Labs on GitHub.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it retrieves runtime instructions from an external URL to determine its behavior.
  • Evidence Chain for Indirect Prompt Injection:
      • Ingestion points: Remote markdown content is fetched from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md in SKILL.md.
      • Boundary markers: None identified; the skill does not wrap the external content in protective delimiters.
      • Capability inventory: The skill is authorized to read local files and generate reports based on the external rules.
      • Sanitization: No sanitization or validation of the fetched instructions is performed before they are integrated into the agent's reasoning process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 04:43 PM