web-design-guidelines
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context via Step 1 “Fetch Guidelines” at runtime from a public GitHub URL (vercel-labs/web-interface-guidelines), whose fetched prose/rules are then analyzed and used in the response.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's runtime explicitly fetches and applies external rules from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md on every review, and the fetched content is used to control the agent's analysis and output.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata