web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches design guidelines from Vercel Labs' official GitHub repository (vercel-labs/web-interface-guidelines) to serve as the rule set for its audits.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it incorporates instructions from an external file and processes user-provided code.
- Ingestion points: Reads local UI code files and fetches the command.md file from a remote repository.
- Boundary markers: Absent. The instructions do not specify delimiters to separate the retrieved guidelines or user code from the agent's core logic.
- Capability inventory: The skill uses file-read capabilities and WebFetch for network operations.
- Sanitization: No explicit sanitization or filtering of the content from the external guidelines or user files is performed before the agent interprets them.
Audit Metadata