web-design-guidelines-5

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches a markdown file from a remote source to determine its rules and output format.
    • Evidence: Fetching from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
    • Trusted Source: The URL belongs to the vercel-labs organization, which is a trusted source. Per security guidelines, this finding is downgraded to LOW.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it treats external data as instructions.
    • Ingestion points: The skill fetches guidelines from a remote URL and processes user-provided UI code files.
    • Boundary markers: Absent. There are no instructions to the agent to ignore potentially malicious instructions embedded in the fetched guidelines or the files being reviewed.
    • Capability inventory: The skill can read local files and perform network requests (via WebFetch).
    • Sanitization: Absent. The skill is instructed to strictly follow the instructions found within the external command.md file.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 18, 2026, 01:49 PM