Trust Assessment
web-design-guidelines received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Remote Instruction Injection via Untrusted External Source, Potential Data Exfiltration via Remotely Injected Instructions.
The analysis covered 4 layers: llm_behavioral_safety, dependency_graph, static_code_analysis, manifest_analysis. The llm_behavioral_safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote Instruction Injection via Untrusted External Source The skill fetches 'guidelines' from a remote URL (`https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md`) and then 'applies all rules' and uses 'output format instructions' from this fetched content. This creates a critical remote instruction injection vulnerability. If the remote repository or the fetched file is compromised, an attacker could inject arbitrary instructions, rules, or prompt directives into the agent's execution flow, potentially leading to prompt injection, data exfiltration, or other malicious actions. The agent is effectively executing instructions from an external, unverified source at runtime. Avoid fetching executable instructions or rules from untrusted or unverified remote sources at runtime. If external content is necessary, it must be strictly validated, sandboxed, and ideally fetched from an immutable, trusted source with content hashing. Consider embedding the rules directly within the skill or using a declarative data format that cannot be interpreted as instructions by the LLM. | Unknown | SKILL.md:20 | |
| HIGH | Potential Data Exfiltration via Remotely Injected Instructions The skill is designed to 'Read the specified files' and then 'Output findings using the format specified in the guidelines'. Given that the 'guidelines' are fetched from a remote, untrusted source (as identified in SS-LLM-001), an attacker who compromises this source could inject instructions into the fetched guidelines that direct the agent to read sensitive local files and include their content within the 'findings' output. This creates a direct path for data exfiltration of any files the agent has read access to. In addition to preventing remote instruction injection, ensure that any data read from local files is processed and outputted only according to strict, predefined, and immutable rules embedded within the skill itself, not dictated by external, untrusted sources. Implement strict sanitization and validation of output content to prevent accidental or malicious inclusion of sensitive data. | Unknown | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/2ad48f4d3702998f)
Powered by SkillShield