Skills
skills/vercel/examples/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches instructions from 'https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md'. Since 'vercel-labs' is a trusted GitHub organization, this finding is downgraded per security policy.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests instructions from an external source and applies them to user-provided data.
  • Ingestion points: Guidelines fetched from GitHub and local UI code files specified by the user.
  • Boundary markers: None identified; instructions from the external file are applied directly.
  • Capability inventory: File read access (to review UI code).
  • Sanitization: None; the skill assumes the external guidelines and local files are safe to process.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:20 PM