web-design-guidelines-2
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill is configured to download content from an untrusted GitHub repository (ZackKorman) using WebFetch for every execution.
- REMOTE_CODE_EXECUTION (HIGH): The skill fetches a remote markdown file and explicitly treats it as the agent's logic ('The fetched content contains all the rules and output format instructions'). In the context of AI agents, this is equivalent to fetching and executing a remote script.
- PROMPT_INJECTION (MEDIUM): The skill relies on unvalidated external content to define its behavior, which can be modified to bypass safety filters or perform malicious tasks under the guise of 'design guidelines'.
- DATA_EXFILTRATION (LOW): While no exfiltration is currently scripted, the combination of file-reading capabilities and remote instruction fetching creates a surface where a malicious update to the remote guidelines could command the agent to send file contents to an attacker-controlled endpoint.
Recommendations
- AI detected serious security threats