frontend-design
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the `npx shadcn` CLI tool to add UI components to the project as needed.
- [EXTERNAL_DOWNLOADS]: Fetches component code from the well-known shadcn UI library, which is a trusted industry standard for frontend development.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from local developer-controlled files to apply branding and user roles.
  1. Ingestion points: `DOMAIN.md` (brand details, user roles), `app.css`.
  2. Boundary markers: Absent.
  3. Capability inventory: Command execution (`npx`) and file system writes for CSS and React components.
  4. Sanitization: Absent.

  This represents a functional surface area using local project data rather than a remote attack vector.
- [DATA_EXPOSURE]: Utilizes `localStorage` for persisting user records and item states, which is standard practice for client-side business tools.
- [PROMPT_INJECTION]: Includes strong behavioral instructions to override default AI generation styles ('Un-GPTify') to ensure specific design aesthetics, which are benign persona constraints.
Audit Metadata