frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses directive keywords like 'CRITICAL' and 'IMPORTANT' strictly for design emphasis (e.g., 'CRITICAL: Choose a clear conceptual direction'). There are no attempts to bypass safety filters or ignore previous instructions.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths, environment variables, or hardcoded credentials was detected. No network operations (curl, wget, fetch) are present.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not include any package manager commands (npm, pip) or remote script executions. It suggests the use of the 'Motion' library for React in generated code, which is a standard industry practice.
- [Indirect Prompt Injection] (SAFE): The skill ingests untrusted user requirements for frontend design. However, it lacks any execution capabilities, file-writing tools, or network access that could be exploited via malicious input. Evidence chain: 1. Ingestion points: user-provided requirements; 2. Boundary markers: Absent; 3. Capability inventory: No executable scripts or tool-calling capabilities; 4. Sanitization: N/A as no code is executed.
Audit Metadata