web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches instructions from an external URL at runtime.
    • Evidence: Source URL https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md found in SKILL.md.
    • Trust Status: The organization vercel-labs is a Trusted External Source. Per [TRUST-SCOPE-RULE], the download of instructions from this repository is downgraded to LOW severity.
  • PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface by combining untrusted user-provided files with remote instructions.
    • Ingestion points: Reads user-specified files and fetches remote command.md (SKILL.md).
    • Boundary markers: Absent; there are no explicit delimiters to isolate the code being reviewed from the agent's instructions.
    • Capability inventory: File system read access and network read access (WebFetch).
    • Sanitization: Absent; the skill does not mention escaping or validating the content of the fetched guidelines or the files being audited.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:27 PM