web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches an instruction file from an external URL to determine its behavior at runtime.
  - Evidence: The skill uses WebFetch to retrieve https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
  - Trust Context: The repository vercel-labs/web-interface-guidelines is part of the vercel-labs organization, which is a Trusted External Source. Per the [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
- PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection by processing untrusted data (user files) alongside remote instructions.
  - Ingestion points: The skill reads external content from a GitHub URL and user-provided files/patterns (SKILL.md).
  - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands within the files being reviewed.
  - Capability inventory: The skill uses WebFetch for network reads and has the ability to read local files via the agent's filesystem tools.
  - Sanitization: Absent; the fetched content and user files are used directly to influence the agent's output logic.
- DATA_EXFILTRATION (SAFE): The skill reads local files for the purpose of a UI review. While it performs a network request to fetch guidelines, it does not send the contents of the local files to an external endpoint; the analysis results are returned to the user.
Audit Metadata