web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches design guidelines from Vercel Labs' official GitHub repository at https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md to define the auditing criteria.
  • [PROMPT_INJECTION]: The skill retrieves external instructions at runtime, creating a theoretical surface for indirect prompt injection.
      • Ingestion points: Guidelines are fetched from an external URL and interpreted as instructions for the agent.
      • Boundary markers: None identified; the agent is instructed to follow all rules found in the remote file without specific delimiters or warnings to ignore embedded instructions.
      • Capability inventory: The skill is capable of reading local project files and making network requests via WebFetch.
      • Sanitization: No validation or filtering is performed on the remote content before it is incorporated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 12:12 AM