frontend-design
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided data to generate functional code.
- Ingestion points: User requirements for components, pages, or applications as described in the Design Thinking section of SKILL.md.
- Boundary markers: The instructions do not include delimiters or specific commands to ignore embedded instructions within the user-provided data.
- Capability inventory: The skill directs the agent to generate and implement working code in HTML, CSS, JS, React, and Vue.
- Sanitization: No sanitization, filtering, or validation of user-provided content is defined.
- [NO_CODE]: The skill does not include any scripts, executables, or binaries. It is composed entirely of markdown-based instructions and a standard Apache license.
Audit Metadata