web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines from Vercel Labs' official GitHub repository at
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. This is a trusted source and is used to inform the agent's review logic. - [PROMPT_INJECTION]: The skill processes user-provided files as input for UI reviews, which creates a surface for indirect prompt injection if those files contain malicious instructions disguised as UI code.
- Ingestion points: Local files matched by the
<file-or-pattern>argument. - Boundary markers: None explicitly defined in the skill instructions to separate file content from agent instructions.
- Capability inventory: Reading local files via filesystem access.
- Sanitization: No sanitization or validation of the file content is performed before processing.
Audit Metadata