ce-frontend-design
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is entirely instructional and does not include any executable scripts, binaries, or malicious patterns. It explicitly advises using native platform tools over shell commands for routine file exploration.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it scans project files (CSS variables, theme configurations, and component libraries) to detect existing design systems. This is a functional requirement for the skill's purpose and is assessed as safe. 1. Ingestion points: Codebase context detection scanning for design tokens and custom properties (SKILL.md, Layer 0). 2. Boundary markers: No specific markers or instructions to ignore embedded prompts in processed files are provided. 3. Capability inventory: Access to native file-search tools, code generation, and browser automation for visual verification. 4. Sanitization: No sanitization methods for ingested data are described.
Audit Metadata