web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches instructions from an external URL to determine auditing logic.
  - Evidence: Source URL https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md used for fetching rules and formatting instructions.
  - Status: Trusted Source. The organization `vercel-labs` is on the list of trusted entities. Per [TRUST-SCOPE-RULE], the severity is downgraded to LOW.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill behavior is dynamically defined by remote content, creating a potential injection surface.
  - Ingestion points: Remote `command.md` file (referenced in `SKILL.md`).
  - Boundary markers: Absent; the skill trusts the fetched markdown content to define rules and output formats.
  - Capability inventory: File system read access (to review UI code) and agent response formatting.
  - Sanitization: None specified for the fetched content. Severity is restricted to LOW as the source is trusted and no malicious execution was identified.
Audit Metadata