web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches design guidelines from Vercel Labs' official GitHub repository (https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md) to serve as the rule set for code reviews.
- [INDIRECT_PROMPT_INJECTION]: The skill processes instructions fetched from a remote source, which introduces a potential surface for indirect injection if the source were compromised.
- Ingestion points: Instructions are retrieved via URL in SKILL.md.
- Boundary markers: No explicit markers or delimiters are used to wrap the fetched content.
- Capability inventory: The skill is limited to reading local files and providing feedback.
- Sanitization: No validation or sanitization is performed on the remote instructions before they are applied.
Audit Metadata