Skills
skills/phrazzld/claude-config/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches dynamic instructions from a remote URL at runtime.
  • Evidence: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md is used as the source for rules.
  • Trust Status: The repository vercel-labs belongs to a Trusted GitHub Organization. Per the [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from local files and remote guidelines.
  • Ingestion points: Remote markdown guidelines and local files specified by the user.
  • Boundary markers: No explicit delimiters or 'ignore instructions' warnings are defined in the skill for the ingested content.
  • Capability inventory: The skill possesses file-reading capabilities and network-fetching capabilities (WebFetch).
  • Sanitization: No sanitization or validation of the fetched guidelines or local file content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:13 PM