web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill retrieves guidelines from
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Under the [TRUST-SCOPE-RULE], this finding is downgraded to LOW because thevercel-labsorganization is a trusted GitHub entity. No scripts or executables are downloaded. - PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by dynamically ingesting instructions from a remote URL to guide its auditing logic.
- Ingestion points: Remote markdown fetched via WebFetch and interpreted as guidelines.
- Boundary markers: Absent; the skill does not explicitly define delimiters for the external content.
- Capability inventory: The skill can read local files and perform network fetches, but does not have permission for shell execution or arbitrary file writes.
- Sanitization: No sanitization of the remote content is mentioned.
- Context: Because the source is trusted and the skill's capabilities are restricted to analysis and reporting, the severity remains LOW.
Audit Metadata