frontend-to-backend-requirements
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No attempts to override safety guidelines or bypass system instructions were detected. The use of restrictive language ("NO chat output") is part of the intended workflow behavior.
- Data Exposure & Exfiltration (SAFE): No credentials, sensitive file paths, or network operations are present. The skill only writes to a specific project-relative path:
.claude/docs/ai/. - Obfuscation (SAFE): No encoded strings, zero-width characters, or hidden content were found.
- Remote Code Execution & Dependencies (SAFE): The skill does not install any packages (npm/pip) or execute remote scripts. It is a text-based instruction set.
- Privilege Escalation & Persistence (SAFE): No commands for escalating privileges (sudo) or maintaining persistence (cron/startup) are included.
- Indirect Prompt Injection (LOW): The skill processes user-provided descriptions of UI features and interpolates them into a markdown template. While it lacks explicit sanitization markers, the impact is limited to generating a documentation file within the project, posing no system-level risk.
Audit Metadata