web-design-guidelines-7

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill dynamically fetches operational instructions from a third-party GitHub repository (railwayapp/web-interface-guidelines). Because this source is not on the pre-approved trusted list, the content is unverifiable. The severity is reduced to LOW as this is the primary intended behavior of the skill.
  • PROMPT_INJECTION (LOW): The skill demonstrates an indirect prompt injection surface by integrating externally sourced instructions directly into the agent's context.
      1. Ingestion points: The guidelines are retrieved from raw.githubusercontent.com via WebFetch.
      2. Boundary markers: Absent; the skill does not use delimiters to isolate external instructions from core logic.
      3. Capability inventory: The agent has the capability to read local file content.
      4. Sanitization: None; the external content is processed as-is.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 18, 2026, 01:50 PM