frontend-component
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The scripts `component_generator.py` and `style_generator.py` interpolate user-provided strings (like `--description` and `--name`) directly into code templates using simple string replacement.
  - Ingestion points: Command-line arguments `--name`, `--description`, and `--props` in the generator Python scripts.
  - Boundary markers: None. The input is directly placed inside JSDoc comments or code structures (e.g., `/** * ${COMPONENT_NAME} * ${DESCRIPTION} */`). An attacker could provide a description like `*/ import { exec } from 'child_process'; /*` to break out of the comment and inject malicious code into the generated file.
  - Capability inventory: The generator scripts use `open(args.output, 'w').write()` to create new files on the local filesystem.
  - Sanitization: While `name_validator.py` exists as a standalone tool to check naming conventions, it is not integrated into the generation logic to sanitize input against injection characters (like comment delimiters or newline characters).
- File System Access (LOW): The scripts `component_generator.py`, `style_generator.py`, and `test_generator.py` accept an `--output` argument that is used to write files without any path traversal checks or restrictions to a specific workspace directory. This could allow an agent to overwrite arbitrary files if the path is not controlled.
Audit Metadata