web-design-guidelines

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
    • Ingestion points: The skill fetches instructions from an external URL: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
    • Boundary markers: Absent. The skill explicitly instructs the agent that "The fetched content contains all the rules and output format instructions," effectively granting the remote content full control over the agent's logic for the task.
    • Capability inventory: The skill possesses the capability to read local files (via the <file-or-pattern> argument) and perform network operations (via WebFetch).
    • Sanitization: None. There is no validation or filtering of the remote content before it is processed as instructions.
    • Risk: If the remote source is compromised, an attacker can modify the command.md to instruct the agent to include sensitive file contents in its "findings" or use WebFetch to exfiltrate the code to an external server.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill downloads content from an external source.
    • Evidence: Fetches from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
    • Trust Status: Per [TRUST-SCOPE-RULE], this is downgraded to LOW/INFO because vercel-labs is an explicitly trusted GitHub organization. However, this does not mitigate the capability risks identified in the Prompt Injection category.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:35 AM