web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches guidelines from Vercel Labs' official GitHub repository at github.com/vercel-labs/web-interface-guidelines. This is a trusted source for design and code standards.
  • [COMMAND_EXECUTION]: Executes a local Python script skills/ui-ux-pro-max/scripts/search.py to retrieve remediation guidance. The script is invoked with fixed search parameters based on audit findings.
  • [PROMPT_INJECTION]: The skill ingests guidelines from an external source and follows instructions contained within them. This creates an indirect prompt injection surface. However, the ingestion point is a well-known service and the risk is mitigated by the trusted nature of the repository.
      • Ingestion points: SKILL.md fetches guidelines from raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md.
      • Boundary markers: None identified in the skill instructions to separate guidelines from system instructions.
      • Capability inventory: The skill can execute local Python scripts via search.py, as seen in the remediation section.
      • Sanitization: No specific sanitization or filtering of the fetched guidelines is described.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 11:43 PM
Security Audit — agent-trust-hub — web-design-guidelines