web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches a markdown file from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md to use as a rule set. This is a trusted source (vercel-labs), which reduces the severity per security guidelines.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface. 1. Ingestion points: Fetches instructions from a remote GitHub URL in SKILL.md. 2. Boundary markers: Absent; the fetched content is treated as authoritative instructions for the agent. 3. Capability inventory: The skill reads local user files to perform the audit. 4. Sanitization: Absent; the agent is directed to apply all rules from the fetched guidelines directly to the local data.
Audit Metadata