web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill is designed to fetch fresh instructions from a remote source before each review.
    • Evidence: It explicitly calls for WebFetch to retrieve https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
    • Trust Status: The source organization vercel-labs is categorized as a Trusted GitHub Organization. According to the [TRUST-SCOPE-RULE], this specific download finding is downgraded to LOW.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by consuming external data that dictates its logic.
    • Ingestion points: Remote command.md file via WebFetch.
    • Boundary markers: Absent. The skill instructions do not specify delimiters to separate the fetched guidelines from the agent's core system prompt.
    • Capability inventory: The skill allows the agent to read arbitrary local files (via argument-hint) and output data.
    • Sanitization: Absent. The fetched content is used directly as instructions for the agent's review logic without validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:21 PM