web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill retrieves guidelines from
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Per the TRUST-SCOPE-RULE, the vercel-labs organization is trusted, qualifying this as a low-risk reference. - PROMPT_INJECTION (LOW): Indirect prompt injection surface identified (Category 8).
- Ingestion points: Remote guideline URL and user-provided local files.
- Boundary markers: Absent; there are no delimiters or instructions to ignore nested prompts in the data being processed.
- Capability inventory: Capabilities include file reading and network fetching via WebFetch.
- Sanitization: Absent; the skill does not perform sanitization or validation of the fetched or read content.
Audit Metadata