Skills
skills/vercel-labs/agent-eval/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill dynamically fetches its operational logic and guidelines from a remote GitHub URL: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
  • Evidence: The skill instructions mandate using 'WebFetch' to retrieve rules before each review.
  • Trust Status: The repository vercel-labs is part of a trusted organization. Under the [TRUST-SCOPE-RULE], fetching content from this specific source is downgraded to LOW severity.
  • [PROMPT_INJECTION] (LOW): The skill demonstrates a surface for indirect prompt injection by processing instructions from an external source (Category 8).
  • Ingestion points: Remote instruction file command.md and user-provided source code files.
  • Boundary markers: Absent. The skill does not define specific delimiters for the fetched instructions or user code.
  • Capability inventory: File system read access (to audit code) and network access (to fetch guidelines).
  • Sanitization: None detected. The skill assumes the integrity of the fetched markdown file for defining its behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:01 PM