web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill is designed to fetch its operational guidelines from a remote GitHub URL at runtime.
      • Evidence: Fetching from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md using WebFetch.
      • Trust Context: The URL points to the vercel-labs organization, which is a predefined trusted source. Per the [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
  • [PROMPT_INJECTION] (LOW): The skill has an Indirect Prompt Injection surface because it processes untrusted user data (UI code) alongside fetched instructions.
      • Ingestion points: SKILL.md (Step 2) reads user-specified files or patterns.
      • Boundary markers: None identified in the skill instructions to separate user data from guidelines.
      • Capability inventory: Includes WebFetch and local file reading.
      • Sanitization: No explicit sanitization or filtering of the content being reviewed is mentioned.
      • Analysis: If a user file contains instructions disguised as UI code (e.g., hidden in comments), it could potentially influence the agent's review output or behavior.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 01:05 PM