Skills
NYC
skills/smithery/ai/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill fetches its core logic and instructions from a remote Markdown file. This creates an exploitable surface where the agent is instructed to follow rules defined outside of the skill's static code.
  • Ingestion points: Remote content from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md is processed as instructions.
  • Boundary markers: None identified. The skill explicitly directs the agent to "Apply all rules from the fetched guidelines" without validation or isolation.
  • Capability inventory: The agent has the capability to read local files (UI code) and output findings. Maliciously injected instructions could redirect this capability to read sensitive files (e.g., .env, credentials) and leak them through the output stream.
  • Sanitization: None. The agent blindly trusts the content of the remote guidelines.
  • [External Downloads] (LOW): The skill downloads content from a remote URL at runtime.
  • Source: vercel-labs GitHub repository.
  • Trust Status: Trusted. The repository falls under the vercel-labs trusted organization scope. Per [TRUST-SCOPE-RULE], this specific finding is downgraded to LOW, though the resulting behavior retains HIGH severity.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:35 AM