frontend-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Remote Code Execution] (SAFE): No unauthorized remote execution patterns detected. The skill references standard tool-based component installation (shadcn/ui) and local build processes (mise, bun).
- [Indirect Prompt Injection] (SAFE): The skill has a surface for indirect prompt injection via project-local configuration files, which is normal for its intended use case.
- Ingestion points:
packages/design-tokensandpackages/i18n(referenced inSKILL.md). - Boundary markers: Absent, relying on the agent's internal logic for parsing structured project files.
- Capability inventory: Subprocess execution for linting (
bun lint) and build tasks (mise build), and tool calls for frontend component management. - Sanitization: None explicitly defined; the skill operates on the assumption of a trusted local development environment.
Audit Metadata