web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill fetches content from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Although this is a remote fetch, the organization vercel-labs is explicitly listed as a Trusted GitHub Organization, resulting in a downgrade to LOW severity per [TRUST-SCOPE-RULE].
- [Indirect Prompt Injection] (LOW): The skill is designed to fetch instructions from an external URL and apply them to local files, creating a surface for potential injection if the remote source were compromised.
  - Ingestion points: Remote markdown fetch defined in SKILL.md.
  - Boundary markers: Absent. There are no explicit delimiters or instructions to ignore malicious content embedded in the fetched guidelines.
  - Capability inventory: WebFetch (network read) and local file system read access.
  - Sanitization: Absent. The agent is instructed to apply all rules from the fetched content directly to the user's code.
Audit Metadata