frontend-dev-tools
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `pnpm dev` to start a local development server. This is a standard and expected operation for its stated purpose as a frontend development tool.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by directing the agent to read and verify UI signals from a running local server. If the source code of the project (which may be untrusted) contains malicious instructions in visible elements like the page title or headings, the agent could inadvertently follow them.
  - Ingestion points: Browser tool output from the local development server (SKILL.md).
  - Boundary markers: None present to distinguish UI content from instructions.
  - Capability inventory: Subprocess execution via terminal commands, browser automation through MCP Playwright and Chrome DevTools, and fallback browser interaction.
  - Sanitization: No sanitization or validation of the ingested UI content is specified.
Audit Metadata