frontend-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill is composed entirely of Markdown documentation and instructional workflows. It does not ship with any executable scripts or binaries.
- [NO_CODE]: There are no source code files (e.g., .py, .js, .sh) or configuration files that trigger command execution within the skill package.
- [PROMPT_INJECTION]: The instructions are task-oriented and do not contain patterns intended to override agent safety filters or extract system prompts.
- [DATA_EXFILTRATION]: No network-capable utilities (like curl or wget) or file system access commands are present. There is no risk of data being transmitted to external servers.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted frontend code provided by users. However, because the skill lacks any execution capabilities (such as shell access, file writing, or network calls), the potential impact of processing malicious code is limited to the generation of the analysis report itself.
Audit Metadata