Trust Assessment
web-design-guidelines received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Dynamic loading of untrusted instructions from external URL, Data exfiltration risk via broad file access and dynamic instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Dynamic loading of untrusted instructions from external URL: The skill is designed to fetch "rules" and "output format instructions" from an external URL (https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md) and then "apply" them. This mechanism allows an attacker who compromises the remote file or repository to inject arbitrary instructions into the host LLM, effectively performing a prompt injection attack. The fetched content directly dictates the skill's behavior, including how it processes and outputs information. This also creates a supply chain risk, as the skill's integrity depends on an external, unverified source. Do not dynamically load and execute/interpret external content as instructions or rules. All operational logic and instructions should be self-contained within the skill package. If external data is required, it must be strictly validated, parsed, and used only as data, not as executable instructions or control flow. Consider embedding rules directly or using a secure, signed, and versioned configuration mechanism if dynamic updates are absolutely necessary. | LLM | SKILL.md:19 |
| HIGH | Data exfiltration risk via broad file access and dynamic instructions: The skill explicitly states it will "Read the specified files (or prompt user for files/pattern)". When combined with the ability to dynamically fetch and "apply" external "rules" and "output format instructions" (as identified in SS-LLM-001), this creates a severe data exfiltration risk. A malicious actor controlling the remote `command.md` file could instruct the skill to read sensitive files from the host system (e.g., `/etc/passwd`, `.env` files, the user's code) and then include their contents in the skill's output, bypassing typical security controls. Restrict file access permissions to the absolute minimum necessary paths and file types. Implement strict validation and sanitization of any dynamically loaded rules, ensuring they cannot dictate file access or output sensitive information. The skill should never allow external instructions to control which files are read or how their content is handled. | LLM | SKILL.md:12 |
Powered by SkillShield