Security Audit
vercel-labs/agent-skills:skills/web-design-guidelines
github.com/vercel-labs/agent-skillsTrust Assessment
vercel-labs/agent-skills:skills/web-design-guidelines received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Dynamic Instruction Loading from External Source, Uncontrolled External Dependency for Core Logic.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on May 1, 2026 (commit ce3e64e4). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Dynamic Instruction Loading from External Source The skill is explicitly designed to fetch its core operational 'rules' and 'output format instructions' from an external, unversioned URL (`https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md`) before each review. The fetched content is then 'applied' and used to dictate the skill's behavior, including how it processes files and formats output. This creates a severe prompt injection vulnerability, as a malicious actor who gains control over the external URL or the `command.md` file can inject arbitrary instructions into the host LLM's context, effectively hijacking the agent's subsequent actions and potentially leading to data exfiltration, unauthorized actions, or further compromise. Do not load dynamic instructions or rules from external, untrusted sources. All operational logic and instructions should be self-contained within the skill package. If external data is required, it should be strictly data (e.g., JSON, YAML) and parsed safely, not interpreted as instructions. Implement strict validation and sanitization for any external content. Pin the version of the guidelines if they must be external, and ideally, embed them directly. | LLM | SKILL.md:19 | |
| HIGH | Uncontrolled External Dependency for Core Logic The skill's fundamental behavior is dictated by content fetched from an external, unversioned URL (`https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md`). This introduces a significant supply chain risk. Any compromise of the `vercel-labs/web-interface-guidelines` repository or the `main` branch of the `command.md` file would directly affect the skill's execution, allowing an attacker to inject malicious instructions or alter its functionality without requiring an update to the skill package itself. The skill's security posture is entirely dependent on the security of an external, dynamic resource. Embed all critical operational logic and guidelines directly within the skill package. If external guidelines are absolutely necessary, they should be fetched from a trusted, versioned source (e.g., a specific commit hash or release tag) and undergo strict validation and sanitization before use. Consider cryptographic verification of fetched content. | Static | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/38d87b93358db44b)
Powered by SkillShield