frontend-ui-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No attempts to override agent behavior, bypass safety filters, or extract system prompts were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials (API keys, tokens) or access to sensitive system file paths were identified. The skill operates within a local development context.
- [Obfuscation] (SAFE): The skill content is clear and readable markdown. No Base64, zero-width characters, or homoglyphs were found.
- [Unverifiable Dependencies & RCE] (SAFE): The skill uses standard local verification commands (`pnpm lint`, `pnpm test`, `pnpm typecheck`). It does not download or execute scripts from remote or untrusted sources.
- [Privilege Escalation] (SAFE): No commands requiring elevated privileges (e.g., `sudo`) or modifications to system-level configurations were present.
- [Persistence Mechanisms] (SAFE): The skill does not attempt to modify shell profiles, cron jobs, or startup services to maintain persistent access.
- [Indirect Prompt Injection] (SAFE): The skill has a defined surface for ingesting untrusted data (feature descriptions and design references), but the impact is minimized by its focus on UI code generation and local testing.
  - Ingestion points: `Feature description`, `Relevant APIs`, `Design references`.
  - Boundary markers: None explicitly mentioned, but tasks are scoped to frontend development.
  - Capability inventory: Subprocess execution via `pnpm` for linting and testing.
  - Sanitization: Not applicable to the UI implementation workflow.
Audit Metadata