design
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): In references/design-audit.md, the skill instructs the agent to fetch audit guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. While the vercel-labs organization is in the trusted sources list, fetching external content at runtime creates a dependency on remote data. Per the [TRUST-SCOPE-RULE], this is classified as LOW severity.
- [PROMPT_INJECTION] (LOW): The design audit workflow is susceptible to indirect prompt injection (Category 8). The agent is directed to fetch external rules and apply them to user-provided code, which could lead to malicious instructions being followed if the source or the files being audited are compromised. Evidence:
  1. Ingestion points: references/design-audit.md (remote markdown) and user-provided code files.
  2. Boundary markers: No explicit delimiters or instructions are provided to distinguish system rules from fetched guidelines or user content.
  3. Capability inventory: The agent performs deep analysis of provided files and generates formatted reports.
  4. Sanitization: There is no instruction to validate, escape, or filter content from the remote guidelines or user files.
Audit Metadata