Skills
skills/oimiragieo/agent-studio/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill is configured to fetch guidelines from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md'. While this involves a remote download, the source belongs to a trusted organization (vercel-labs), which downgrades the risk.
  • PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface by fetching markdown content from a remote URL and instructing the agent to follow the rules contained within that content.
  • Ingestion points: Remote guideline URL specified in 'SKILL.md'.
  • Boundary markers: Absent; the agent is simply told to 'Check against all rules in the fetched guidelines'.
  • Capability inventory: File system read operations (reading user-specified UI code files).
  • Sanitization: Absent; the fetched instructions are directly incorporated into the agent's task logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 12:51 PM