frontend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The use of terms like 'NEVER' and 'IMPORTANT' is restricted to technical constraints and best practices for developers.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. API calls shown in examples (e.g., '/api/data') are illustrative and follow standard patterns.
- [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or other obfuscation techniques are present in the documentation.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The documentation references industry-standard libraries (MUI, TanStack, Zod, Zustand). No remote scripts are downloaded or executed. Code splitting patterns use standard dynamic imports for local features.
- [Indirect Prompt Injection] (SAFE): While the skill describes data ingestion surfaces (forms and URL parameters), it explicitly promotes the use of Zod schemas for strict validation, which acts as a primary mitigation against injection attacks in the final application.
- [Dynamic Execution] (SAFE): The examples demonstrate standard React component rendering and do not use unsafe methods like 'eval()' or 'exec()'. Library loading (e.g., jspdf, xlsx) is handled through standard ES6 dynamic imports.
Audit Metadata