web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration and guidelines from Vercel Labs' official GitHub repository.
- [PROMPT_INJECTION]: The skill processes external data from a remote URL and user-provided files, which serves as a surface for indirect prompt injection.
- Ingestion points: Remote markdown file (command.md) and local UI files.
- Boundary markers: Not explicitly defined in the skill instructions.
- Capability inventory: File system read access and network fetch capability (via WebFetch).
- Sanitization: No sanitization or validation logic for the fetched content is identified in the skill configuration.
Audit Metadata