web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected. The skill's behavior aligns with its stated purpose of auditing UI code for design compliance.
- [EXTERNAL_DOWNLOADS]: Fetches fresh UI guidelines from Vercel Labs' official GitHub repository (vercel-labs/web-interface-guidelines). This is a legitimate operation from a well-known service and trusted organization.
- [PROMPT_INJECTION]: The skill processes external data from a remote URL and user-provided code files, which presents a surface for indirect prompt injection. The risk is considered SAFE due to the following: 1) Ingestion points: guidelines are fetched via WebFetch from a remote markdown file and user code is read from local files. 2) Boundary markers: no explicit markers are defined to isolate fetched content. 3) Capability inventory: the skill is limited to reading files and outputting text; it lacks high-risk capabilities like code execution, system modification, or network exfiltration. 4) Sanitization: no explicit filtering is performed on the fetched guidelines.
Audit Metadata