web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches a markdown file from raw.githubusercontent.com/vercel-labs/. Per the security policy, this is considered a trusted source, resulting in a LOW severity for the download action itself.
- [PROMPT_INJECTION] (MEDIUM): The skill exhibits an indirect prompt injection surface (Category 8) by dynamically fetching its operating instructions from an external source. If the remote source were compromised, it could override the agent's behavior during the file review process.
- Ingestion points: Guidelines are fetched from an external URL defined in SKILL.md using WebFetch.
- Boundary markers: None; the agent is instructed to 'Apply all rules from the fetched guidelines' without isolation.
- Capability inventory: The skill has the capability to read local files (provided by user/pattern) and output content back to the agent context.
- Sanitization: None; the remote content is treated as a trusted set of instructions for the audit.
Audit Metadata