Skills
skills/petekp/claude-skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches instructions from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md'. Since 'vercel-labs' is a trusted organization, the severity of the remote fetch is downgraded per [TRUST-SCOPE-RULE].
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it treats fetched remote content as rules to follow while processing local data.
  • Ingestion points: Remote URL via WebFetch (command.md).
  • Boundary markers: Absent; the skill instructs the agent to 'Check against all rules in the fetched guidelines' without isolation.
  • Capability inventory: Reading local files and patterns provided by the user.
  • Sanitization: Absent; the content of the remote guidelines is applied directly as instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:44 PM