frontend-design-optimizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a significant attack surface because it ingests untrusted data from external research (Steps 2 and 3) and uses it to generate implementation code (Step 5).
- Ingestion points: Web research results returned by the codex-deep-research and gemini-research-analyst agents.
- Boundary markers: Absent. The prompts do not include delimiters or instructions to ignore embedded commands within the research data.
- Capability inventory: Generates implementation plans, executable code examples, and provides links to external live examples.
- Sanitization: Absent. There is no mention of filtering or validating the content retrieved from the web before presenting it to the user.
- [Data Exposure] (MEDIUM): Step 1 and Step 2 involve analyzing the 'current codebase' and sending that context (Tech stack, requirements, user types) to external research tools.
- Risk: If the local codebase contains sensitive comments, hardcoded configuration metadata, or internal requirements, this information is exfiltrated to the sub-agent tools during the research phase.
- [Remote Code Execution] (LOW): While the skill does not execute code directly, it encourages the user to run 'Full working examples' and visit 'Live Examples' (CodeSandbox/CodePen) retrieved via research, which could lead to RCE if the research results are poisoned.
Recommendations
- AI detected serious security threats