web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches guidelines from an external source at runtime. * Evidence: Fetching from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. * Execution Method: WebFetch (interpreted as instructions). * Source Status: Trusted (Vercel-Labs). * Context: Per the [TRUST-SCOPE-RULE], the download itself is downgraded to LOW.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). * Ingestion points: Processes user-provided UI code files and remote markdown. * Boundary markers: No explicit delimiters or safety warnings mentioned in SKILL.md. * Capability inventory: Read access to local files and WebFetch network capability. * Sanitization: No sanitization of user-provided content before processing.
Audit Metadata