Skills
skills/poletron/custom-rules/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches a markdown file from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. According to the [TRUST-SCOPE-RULE], sources from the 'vercel-labs' organization are considered trusted, downgrading the severity of the remote fetch.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection because it instructs the agent to 'Apply all rules' from a remote file. If the source were compromised, it could influence agent behavior.
  • Ingestion points: Remote content fetched via WebFetch from GitHub.
  • Boundary markers: Absent; the instructions are treated as authoritative rules without delimiters.
  • Capability inventory: The skill has the ability to read local files within the specified scope.
  • Sanitization: None; the agent consumes the remote markdown as a direct instruction set.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:31 PM