frontend-ui-animator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection vulnerability surface. 1. Ingestion points: The skill directs the agent to scan the
app/andcomponents/directories and read the contents oftailwind.config.tsandpackage.json. 2. Boundary markers: There are no instructions to use delimiters or to disregard potentially malicious instructions embedded in the code or comments it reads. 3. Capability inventory: The skill has the capability to modify existing React components, extend the project's Tailwind configuration, and create new executable files (hooks). 4. Sanitization: The skill lacks any process for validating or sanitizing the data read from the project before using it in code generation prompts. - DATA_EXPOSURE (LOW): The agent scans project structure and technical configuration files (package.json, tailwind.config.ts). While required for functionality, this provides visibility into the project's dependency graph and architecture.
Recommendations
- AI detected serious security threats
Audit Metadata