Skills
skills/grupous/gpus/frontend-design/Gen Agent Trust Hub

frontend-design

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes utility scripts intended for project management and scaffolding.
  • init-artifact.sh and bundle-artifact.sh execute shell commands such as npm, pnpm, and tar to initialize React projects and bundle assets. These are primary features of the skill.
  • init-artifact.sh utilizes node -e to dynamically modify configuration files like tsconfig.json and tsconfig.app.json during project setup.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of assets and dependencies from trusted sources.
  • generate_images.py script uses the google-genai library to communicate with the Google Gemini API for asset generation, which is a well-known service.
  • Scaffolding scripts automate the installation of numerous official frontend packages from the NPM registry, including React, Tailwind CSS, and Radix UI primitives.
  • [DATA_EXFILTRATION]: The skill accesses local configuration files commonly used for secret management.
  • generate_images.py includes a helper function to read a .env.local file from the project root to retrieve the GEMINI_API_KEY. While this involves sensitive file path access, it is consistent with the skill's intended functionality for local development asset generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 12:14 PM