fe-stack
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The instructions are purely informative and establish coding conventions. There are no attempts to override system prompts or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local files or contain any network communication logic. No hardcoded credentials were found.
- [Unverifiable Dependencies] (LOW): The skill references standard, well-known frontend libraries (React, Next.js, Tailwind, etc.). While it mentions next-generation versions (e.g., Next.js 16+ which is ahead of current releases), these are used as architectural references rather than active installation scripts.
- [Indirect Prompt Injection] (LOW): The skill is intended to be used during code reviews and writing. While it processes external code provided by the user, the skill itself provides only a set of rules and lacks any autonomous high-trust capabilities (like automated merging or deployment) that could be subverted by malicious code patterns.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were detected. The content is plain-text Markdown.
Audit Metadata