First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
6
Score
32/100
Findings (6)
Detects fetching external URLs and using the content as agent instructions or rules
Fetch the latest guidelinesSanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Detects fetching external URLs and using the content as agent instructions or rules
Fetch fresh guidelinesSanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Detects fetching external URLs and using the content as agent instructions or rules
WebFetch to retrieve the latest rulesSanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Detects fetching external URLs and using the content as agent instructions or rules
Fetch guidelinesSanitize or validate all external inputs (file contents, API responses, user messages) before including them in prompts or tool calls. Implement input/output boundaries between trusted and untrusted data.
Likely FP if the matched text is the skill's own instruction set describing how to handle user input, not an actual injection payload.
Detects fetching remote documentation or code to load as agent context
WebFetch to retrieve + https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.mdPin the SDK or script to a specific version and verify its checksum after download. Prefer installing SDKs via a package manager instead of fetching remote scripts directly.
Likely FP if the match is documentation showing how to install an official SDK (e.g., Google Cloud SDK, AWS CLI) from its canonical URL.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.