web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): Fetches instructions from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md'. Per [TRUST-SCOPE-RULE], downloads from the 'vercel-labs' organization are considered trusted, downgrading this finding to LOW.
- PROMPT_INJECTION (LOW): Potential for Indirect Prompt Injection (Category 8). The skill processes untrusted user-provided UI files and applies external rules. However, the capability is limited to 'display only' (formatting/reporting), which minimizes the impact of potential malicious instructions embedded in the analyzed code.
Audit Metadata