web-design-guidelines-8
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill fetches guidelines from https://raw.githubusercontent.com/render-oss/web-interface-guidelines/main/command.md. The repository render-oss is not a trusted source according to defined security protocols. Since this file is used to dictate the agent's logic, its untrusted nature poses a risk.
- PROMPT_INJECTION (LOW): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: The external URL https://raw.githubusercontent.com/render-oss/web-interface-guidelines/main/command.md is fetched and processed at runtime.
  2. Boundary markers: Absent. No delimiters or system instructions are provided to the agent to prevent the fetched content from overriding its internal behavior.
  3. Capability inventory: The skill has the capability to read local files (Read the specified files).
  4. Sanitization: Absent. The skill instructions explicitly tell the agent that 'the fetched content contains all the rules and output format instructions,' inviting the model to follow whatever is present in the remote file.
Audit Metadata