Skills
skills/marcioaltoe/skills/web-design-guidelines/Gen Agent Trust Hub

web-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches design guidelines from Vercel's official GitHub repository (vercel-labs) using WebFetch. This is a safe operation involving a trusted organization and a well-known service.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external instructions and user code. The analysis of this surface is as follows:
  • Ingestion points: Fetches instructions from a remote Markdown file (command.md) and reads local UI files provided by the user.
  • Boundary markers: None identified in the skill definition to delimit external content.
  • Capability inventory: Uses WebFetch and file reading tools to process content.
  • Sanitization: No explicit sanitization or escaping of the fetched instructions. However, since the source is a trusted vendor repository, the risk is considered low and the overall behavior is safe.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:26 PM
Security Audit — agent-trust-hub — web-design-guidelines