web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill fetches guidelines from
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.mdbefore each run. - Evidence: The URL belongs to the
vercel-labsGitHub organization, which is explicitly listed as a Trusted External Source. - [TRUST-SCOPE-RULE]: Per the security policy, downloads from trusted sources are downgraded to LOW/SAFE. No malicious behavior was detected in the skill's handling of this data.
- [COMMAND_EXECUTION] (SAFE): The skill reads local files based on user-provided patterns.
- Evidence: The file reading is limited to the arguments provided by the user for the purpose of UI auditing.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface via external guidelines.
- Evidence: The skill ingests remote Markdown content and treats it as 'rules' for the LLM to follow.
- Risk Assessment: While this is a theoretical attack vector, the use of a Trusted External Source (Vercel) significantly mitigates the risk of malicious instruction injection.
Audit Metadata