web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Under [TRUST-SCOPE-RULE], this is downgraded to LOW because the domain and organization (vercel-labs) are recognized as trusted. However, the skill treats the downloaded content as instructions for its execution logic.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It processes user-provided UI files and external guidelines simultaneously. If a user-provided file contains malicious instructions formatted as 'UI comments', the agent might follow them instead of the guidelines.
- Ingestion points: User-specified files/patterns and the remote 'command.md' file.
- Boundary markers: None explicitly defined in the skill definition to separate user content from system instructions.
- Capability inventory: File reading and remote fetching via WebFetch.
- Sanitization: None detected; the skill directly applies 'all rules' from the fetched content to the provided files.
Audit Metadata