web-design-guidelines

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches content from a remote URL to determine its logic.
      ◦ Evidence: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md referenced in SKILL.md.
      ◦ Trust Status: The vercel-labs organization is a trusted source per [TRUST-SCOPE-RULE], which downgrades the download finding itself to LOW.
  • [PROMPT_INJECTION] (HIGH): The skill exhibits an Indirect Prompt Injection surface by treating remote, dynamic content as system-level instructions.
      ◦ Ingestion points: The agent fetches instructions via WebFetch from the Guidelines Source.
      ◦ Boundary markers: Absent. No delimiters or sanitization steps are mentioned that would separate the fetched 'rules' from the agent's core instructions.
      ◦ Capability inventory: The agent is explicitly granted permission to 'Read the specified files' on the user's system.
      ◦ Sanitization: Absent. The skill instructions state that 'The fetched content contains all the rules and output format instructions,' meaning the remote content has full control over the agent's output behavior.
      ◦ Risk: A compromise of the external GitHub repository would allow an attacker to inject instructions to exfiltrate the contents of the local files being reviewed to an external endpoint or to bypass security constraints.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:29 AM