writing-guidelines

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches fresh writing guidelines from Vercel Labs' official GitHub repository (https://raw.githubusercontent.com/vercel-labs/writing-guidelines/main/command.md). This is a well-known and trusted source for development resources.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes untrusted documents provided by the user and follows instructions fetched from a remote source.
    • Ingestion points: Local files or patterns specified by the user in SKILL.md.
    • Boundary markers: Not explicitly defined to isolate document content from processing instructions.
    • Capability inventory: Reading local files and fetching content via WebFetch tools.
    • Sanitization: No explicit content sanitization or instruction-filtering is implemented for the data being audited.
  • [METADATA_POISONING]: The skill metadata lists 'vercel' as the author, which differs from the provided author context 'millionco'. While inconsistent, this does not currently present a security risk given the benign nature of the instructions and the use of trusted external resources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 05:29 AM