web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches a 'command.md' file from vercel-labs/web-interface-guidelines. Per the [TRUST-SCOPE-RULE], vercel-labs is a trusted source, which downgrades the risk of the download itself.
- PROMPT_INJECTION (MEDIUM): Category 8 (Indirect Prompt Injection). The skill is designed to fetch remote instructions and apply them as rules to local files. This model lacks boundary markers or sanitization, meaning the agent could be manipulated if the remote file or the user-provided files contain adversarial instructions.
- Ingestion points: Remote URL (command.md) and user-provided UI files.
- Boundary markers: Absent; there are no instructions to delimit fetched rules from user content.
- Capability inventory: File system read access and the ability to process remote content as behavioral instructions.
- Sanitization: No input validation or rule filtering observed.
Audit Metadata