web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches instructions from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md' at runtime. Per [TRUST-SCOPE-RULE], because 'vercel-labs' is a trusted GitHub organization, the severity is downgraded to LOW.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through user-provided code files. Evidence Chain: 1. Ingestion points: Local files or patterns provided by the user. 2. Boundary markers: Absent. 3. Capability inventory: WebFetch and local file reading. 4. Sanitization: Absent.
Audit Metadata