Skills
skills/nullvoxpopuli/agent-skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches guidelines from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md'. Since 'vercel-labs' is a Trusted GitHub Organization, the severity is downgraded to LOW per the TRUST-SCOPE-RULE.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it fetches and executes instructions from an external source without explicit boundary markers.
  • Ingestion points: SKILL.md fetches guidelines from an external GitHub URL via WebFetch.
  • Boundary markers: Absent; the agent is instructed to 'Apply all rules from the fetched guidelines'.
  • Capability inventory: Reading local files and network fetching.
  • Sanitization: Absent; the skill trusts the remote markdown content to provide formatting and rules.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:26 PM