web-design-guidelines
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches markdown instructions from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Per [TRUST-SCOPE-RULE], this is a trusted organization (Vercel), which downgrades the risk of the download itself, but the dependency on external content remains.
- [PROMPT_INJECTION] (MEDIUM): Identified Indirect Prompt Injection surface (Category 8).
  - Ingestion points: The skill dynamically fetches rules from an external URL (command.md) via WebFetch.
  - Boundary markers: Absent. The instructions do not use delimiters or provide warnings to the agent to ignore embedded instructions within the fetched file.
  - Capability inventory: The skill is designed to read local UI source code files to perform audits. While it doesn't explicitly define exfiltration tools, the agent's broad capabilities are influenced by the fetched 'rules'.
  - Sanitization: Absent. The skill explicitly instructs the agent to 'Apply all rules from the fetched guidelines' and notes that the fetched content contains 'output format instructions'.
  - Risk: An attacker who compromises the remote markdown file could redirect the agent's behavior, potentially leading to data exposure of the UI code being reviewed.
Audit Metadata