web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches guidelines from the 'vercel-labs' organization on GitHub. As this is a well-known service and a trusted organization, the operation is documented as safe and is central to the skill's intended functionality.
- [PROMPT_INJECTION]: Analyzed the surface for indirect prompt injection within the auditing workflow. 1. Ingestion points: User-provided local files and a remote rules file from a trusted Vercel repository. 2. Boundary markers: None identified in the skill logic. 3. Capability inventory: File system read access and network fetch (WebFetch). 4. Sanitization: No explicit content sanitization is performed. The risk is considered negligible due to the trusted status of the external source.
- [PROMPT_INJECTION]: Note: There is a discrepancy between the author 'Tai-ch0802' and the metadata author 'vercel'. While misleading metadata can be used to falsely project trust, the skill correctly references official Vercel infrastructure, indicating it is likely a legitimate deployment or copy of a trusted tool.
Audit Metadata