web-design-guidelines

Name: agent-skills/web-design-guidelines
Author: vercel-labs

Share on X Share on LinkedIn Share on Bluesky

70High

The skill facilitates remote prompt injection by fetching and executing authoritative instructions from an external URL, allowing attackers to hijack agent behavior while bypassing security review processes.

ThreatsCI SM CS BC S HITL

Threat Analysis

AI Agent Traps ↗Scanned 6/20/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoning2 findings

Cognitive StateMemory & Learningclean

Behavioural ControlActionclean

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namevercel-labs/agent-skills/web-design-guidelines

Registrygithub

Versionf8a72b960372

PURLpkg:github/vercel-labs/agent-skills@f8a72b960372?skill=web-design-guidelines

Stars28,131

Installs403,600

Source

Repository ↗SKILL.md ↗

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

403,500 installs

Skills.shDocs

npx skills add https://github.com/vercel-labs/agent-skills

Assessments (3)

AI Agent Traps ↗

Indirect prompt injection via remote guidelineshighindirect prompt injection

The skill instructs the agent to fetch external content from a URL and treat it as authoritative instructions for rule-checking and output formatting, allowing an attacker to hijack the agent's behavior.

90% confidence

Fetch fresh guidelines before each review: https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md

Unverified external content treated as executable instructionshighoversight evasionAML.T0054LLM01:2025LLM07:2025

The skill delegates its actual behavioral rules entirely to a remotely fetched document, meaning the user reviewing the skill package cannot know what instructions the agent will actually follow at runtime. This bypasses human review of the skill's true behavior.

92% confidenceline 29

Use WebFetch to retrieve the latest rules. The fetched content contains all the rules and output format instructions.

Impersonation of trusted vendor (Vercel) for credibilitymediumsocial engineeringAML.T0052.000LLM09:2025

The skill sets `author: vercel` in metadata and references a `vercel-labs` GitHub organization, lending false authority to the remote content source. This increases the likelihood a user or agent will trust and execute whatever the remote URL returns without scrutiny.

80% confidence

metadata:
  author: vercel
...
https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md

Missing licenseinfopolicy violation

Skill does not specify a license field. Specifying a license helps users understand usage terms.

100% confidence

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/vercel-labs/agent-skills/web-design-guidelines.svg)](https://mondoo.com/ai-agent-security/skills/github/vercel-labs/agent-skills/web-design-guidelines)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/vercel-labs/agent-skills/web-design-guidelines"><img src="https://mondoo.com/ai-agent-security/api/badge/github/vercel-labs/agent-skills/web-design-guidelines.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/vercel-labs/agent-skills/web-design-guidelines.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow