web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches instructions from a remote GitHub URL (vercel-labs/web-interface-guidelines). Since the repository belongs to a trusted organization, the risk is downgraded per security protocols.
- INDIRECT PROMPT INJECTION (LOW): The skill loads external rules to guide its analysis, which is a potential vector for instruction override. Evidence Chain: 1. Ingestion points: Guidelines fetched from command.md via WebFetch. 2. Boundary markers: Absent; the skill does not wrap the fetched content in delimiters. 3. Capability inventory: File system read access (to audit files) and network fetch capability. 4. Sanitization: Absent; fetched instructions are followed directly without validation.
Audit Metadata