Failed moderation (intent review) in skills/web-design-guidelines/SKILL.md: This skill instructs an AI agent to fetch and execute arbitrary instructions from a remote URL (https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md) before each review. The fetched content is described as containing 'all the rules and output format instructions' that the agent should follow. This is a prompt injection / remote command execution vector: whoever controls that URL (or compromises it) can inject arbitrary instructions into the AI agent's context, potentially exfiltrating code, manipulating outputs, or performing other malicious actions. The skill is designed to blindly follow whatever instructions are fetched from the remote source.