Skills
skills/jamals86/kalamdb/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches instructions from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md' using WebFetch. Per the [TRUST-SCOPE-RULE], because 'vercel-labs' is a trusted organization, this finding is downgraded to LOW.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests external data (guidelines) which direct the agent's behavior.
  • Ingestion points: SKILL.md fetches 'command.md' from GitHub.
  • Boundary markers: Absent; the fetched content is treated as authoritative instructions.
  • Capability inventory: File reading capabilities on the user's local system.
  • Sanitization: None; the agent is instructed to follow all rules in the fetched content directly.
  • DATA_EXPOSURE (SAFE): While the skill reads local UI files, it does so to provide feedback to the user. There are no patterns indicating the transfer of this data to external or untrusted endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 11:20 AM