frontend-design
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to include scripts and stylesheets from cdn.tailwindcss.com, cdn.jsdelivr.net, and unpkg.com. These are not included in the Trusted External Sources list and represent external dependencies introduced into the agent's output.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Suggesting the use of https://unpkg.com/lucide@latest/dist/umd/lucide.min.js introduces a supply chain vulnerability because the @latest tag allows the remote content to change arbitrarily, potentially executing malicious JavaScript if the generated code is rendered.
- [INDIRECT PROMPT INJECTION] (MEDIUM): The skill transforms user-provided requirements into frontend code, creating a surface for injection.
  - Ingestion points: User input defining UI layout (SKILL.md).
  - Boundary markers: Absent; there are no instructions to ignore or delimit instructions within the user's data.
  - Capability inventory: Generates executable HTML/JavaScript.
  - Sanitization: Absent; the skill does not specify any validation for user-provided data before interpolation into code templates.