svelte-ui-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data which could contain malicious instructions.
- Ingestion points: Processes 'Feature description', 'Relevant APIs' (links/types), and 'Design references' (Figma links) provided by users or external sources.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the external data.
- Capability inventory: The skill has the capability to write/modify frontend components in
src/lib/components/, implement server-side logic in+page.server.ts, and execute local shell commands viapnpm buildandpnpm test. - Sanitization: Absent. There are no instructions for the agent to sanitize or validate the external API definitions or design descriptions before using them to generate code.
- Command Execution (SAFE): The skill includes verification steps using standard development tools (
pnpm lint,pnpm test,pnpm build). These are expected within the context of a software engineering skill and do not involve suspicious or obfuscated commands.
Audit Metadata