Skills
skills/johnsonmao/skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches content from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md' to determine its rules and behavior. While this is an external dependency, the 'vercel-labs' organization is a trusted source, allowing for a severity downgrade per [TRUST-SCOPE-RULE].
  • PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) because it treats remote data as executable instructions for the agent.
  • Ingestion points: The 'command.md' file fetched via WebFetch in 'SKILL.md'.
  • Boundary markers: Absent; the instructions tell the agent to 'apply all rules from the fetched guidelines' without explicit delimiters for the external content.
  • Capability inventory: The skill has the capability to read local files provided by the user.
  • Sanitization: Absent; there is no validation of the remote content before it is adopted as agent instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:37 PM