web-design-guidelines
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the latest web design guidelines from the official Vercel Labs GitHub repository. This external download is a core part of the skill's logic and originates from a well-known, reputable organization.
- [PROMPT_INJECTION]: The skill analyzes untrusted data from external websites and local project files, which creates a surface for indirect prompt injection. 1. Ingestion points: Reads local project files and navigates to user-provided URLs. 2. Boundary markers: The skill does not define specific delimiters to isolate analyzed content from agent instructions. 3. Capability inventory: The skill can modify local source code and perform browser automation (Playwright). 4. Sanitization: There is no documented validation or sanitization of the ingested external content. This risk is managed by the skill's primary intended use-case of auditing provided code.
Audit Metadata