web-design-guidelines-9

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill is configured to fetch guidelines from raw.githubusercontent.com/netlify/web-interface-guidelines/main/command.md. Since the 'netlify' organization is not on the predefined list of trusted sources, this remote content is considered untrusted. The skill explicitly treats this content as instructions ('contains all the rules and output format instructions'), creating a dependency on external, unverified data for its core logic.
  • PROMPT_INJECTION (LOW): This finding identifies an Indirect Prompt Injection vulnerability surface.
      • Ingestion points: The agent fetches command.md from an external repository using WebFetch.
      • Boundary markers: Absent. The instructions do not define delimiters or warnings to prevent the agent from obeying malicious instructions embedded within the fetched markdown file.
      • Capability inventory: The skill has the capability to read local files provided by the user and perform network operations via WebFetch.
      • Sanitization: Absent. There is no evidence of validation or sanitization of the remote content before it is processed as instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 18, 2026, 01:49 PM