frontend-developer-skill

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) through its scaffolding and setup scripts.
  • Ingestion Points: Scripts such as scaffold_component.tsx, create_api_client.ts, and setup_testing.ts ingest data via process.argv (CLI arguments).
  • Capability Inventory: All scripts use fs.writeFileSync to create or overwrite files in the local filesystem. deploy.sh executes shell commands.
  • Boundary Markers: None are present to distinguish between legitimate parameters and injected code snippets.
  • Sanitization: The scripts perform no sanitization on their inputs. For example, scaffold_component.tsx takes a --props JSON string and interpolates its contents directly into the generated .tsx file. An attacker could craft a JSON value that 'breaks out' of the template string to inject arbitrary TypeScript code.
  • COMMAND_EXECUTION (MEDIUM): The deploy.sh script executes multiple external binaries (vercel, netlify, aws) using environment variables like VERCEL_TOKEN. If an agent is tricked into running this skill in a compromised environment, these credentials could be misused.
  • REMOTE_CODE_EXECUTION (LOW): The skill frequently instructs the agent to run npm install and npx commands. While these typically target the official npm registry (a trusted source), this represents the execution of remote code. Per [TRUST-SCOPE-RULE], these are downgraded to LOW but remain a vector for supply chain attacks if versions are not pinned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:21 PM