web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill dynamically fetches its ruleset from a remote URL: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
  - Evidence: The URL points to the vercel-labs GitHub organization, which is defined as a Trusted External Source. Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection if the files being audited contain malicious instructions aimed at the AI agent.
  - Ingestion points: Processes local files provided by the user and remote instructions from GitHub.
  - Boundary markers: Absent; the skill does not define specific delimiters or 'ignore' instructions for the data it processes.
  - Capability inventory: Access to read local files and perform network requests via WebFetch.
  - Sanitization: None; the skill reads and applies rules directly from the fetched content.
Audit Metadata