web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines from Vercel Labs' official GitHub repository.
- [PROMPT_INJECTION]: Metadata discrepancy detected. The skill metadata identifies the author as 'vercel', which contradicts the provided skill provider identity 'louyunxi'. This misrepresentation can mislead users regarding the skill's origin.
- [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill processes external data to derive instructions.
- Ingestion points: Fetches guidelines from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md' and user-specified files.
- Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present.
- Capability inventory: The skill utilizes file system read access for UI review.
- Sanitization: No sanitization or escaping of external content is specified before processing.
Audit Metadata