Skills
skills/vkboo/gsheet-crud/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill is designed to fetch auditing guidelines from a remote URL at runtime.\n
  • Evidence: Source URL: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.\n
  • Context: The organization vercel-labs is a Trusted GitHub Organization. Per [TRUST-SCOPE-RULE], the download finding is downgraded to LOW.\n- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface (Category 8) when reviewing untrusted user files.\n
  • Ingestion points: Reads local files or patterns provided as arguments (SKILL.md, Usage section).\n
  • Boundary markers: Absent. The instructions do not specify delimiters or constraints to prevent the agent from following instructions embedded in audited code.\n
  • Capability inventory: Reads files, performs WebFetch, and generates reports (display-only capability).\n
  • Sanitization: Absent. The skill directly analyzes external file content against the fetched guidelines.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 10:47 AM