web-design-guidelines

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch live guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md and to read and apply those public GitHub-hosted rules and output-format instructions as part of its workflow, which exposes the agent to untrusted third-party content that can change its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches runtime instructions and rules from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md which are used to control the agent's review logic and output format, so the external content directly controls prompts and is required at runtime.