frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill package consists of 21 markdown files and does not include any executable scripts, binaries, or configuration files that could pose a direct security threat.
- Indirect Prompt Injection (SAFE): The skill is designed to process untrusted visual inputs (screenshots and videos) to extract design guidelines. Evidence: 1. Ingestion points: User-provided screenshots and videos in replication workflows. 2. Boundary markers: Absent. 3. Capability inventory: Local script execution and filesystem writes. 4. Sanitization: None. While this creates a surface for indirect prompt injection, it is the primary intended purpose of the skill and is handled as a documentation-driven workflow.
- Command Execution (SAFE): Although the documentation provides command-line examples for running local Python scripts for batch processing and media optimization, these scripts are not part of the skill package and the instructions do not reference untrusted remote sources.
Audit Metadata