Skills
skills/jstarfilms/vibecode-protocol-suite/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches design rules and instructions from a remote URL (https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md). Per the [TRUST-SCOPE-RULE], because the source is a trusted GitHub organization (vercel-labs), the severity is downgraded to LOW.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to read and process untrusted user-provided files for UI reviews, creating a surface for indirect prompt injection.
  • Ingestion points: Local files specified by the user or identified via file patterns in the SKILL.md logic.
  • Boundary markers: None specified in the provided instructions; the skill relies on the LLM's internal parsing.
  • Capability inventory: The skill possesses file-read capabilities and generates output based on those reads.
  • Sanitization: No explicit sanitization or escaping of file content is described before the content is processed against the fetched guidelines.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:21 PM