Skills
skills/xingyu4j/skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches design guidelines from Vercel Labs' official GitHub repository.
  • [PROMPT_INJECTION]: The skill metadata identifies the author as 'vercel', which is deceptive as the actual author provided by the system is 'xingyu4j'. This misrepresentation can mislead users and agents regarding the skill's safety and origin.
  • [PROMPT_INJECTION]: Potential for indirect prompt injection as the skill processes content from untrusted user-provided files.
  • Ingestion points: Reads file content based on user-specified paths or patterns in SKILL.md.
  • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands within the audited files.
  • Capability inventory: Performs local file reading and remote content fetching.
  • Sanitization: No sanitization or content filtering is implemented for the data being analyzed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 05:11 AM