frontend-design
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the command `npx shadcn create` for project scaffolding. This is a standard operation for the well-known shadcn/ui library.
- [EXTERNAL_DOWNLOADS]: Fetches configuration and stylistic presets from `ui.shadcn.com`. As this is the official domain for a well-known UI library, it is considered a safe and expected source.
- [PROMPT_INJECTION]: The skill contains integration patterns that interpolate user-controlled data into URL templates for services like Gmail and Outlook. This represents an indirect prompt injection surface (Category 8).
  - Ingestion points: User-provided frontend requirements in `SKILL.md`.
  - Boundary markers: Absent.
  - Capability inventory: File downloads, generation of deep-link URLs (Gmail, Outlook, Calendar, Slack, Notion) in `SKILL.md`.
  - Sanitization: Absent; the skill relies on the agent's internal safety filters when populating templates like `mailto:{email}?subject={subject}&body={body}`.
Audit Metadata