frontend-ui-animator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill exhibits a high-risk surface for indirect prompt injection because it reads untrusted project data and has the capability to modify the filesystem.\n
- Ingestion points: The skill scans the
app/andcomponents/directories and reads the contents oftailwind.config.tsandpackage.json(identified in Phase 1 ofSKILL.mdand the analysis template inreferences/component-checklist.md).\n - Boundary markers: There are no delimiters or specific instructions provided to the agent to ignore or isolate embedded instructions within the source files it reads.\n
- Capability inventory: The skill is designed to modify
tailwind.config.ts,globals.css, and create or update React component files (.tsx) across the project (specified in Phase 3 ofSKILL.md).\n - Sanitization: There is no evidence of sanitization or safety checks applied to the content read from the project files before it is used to inform the agent's code generation or modification tasks.\n- Command Execution (MEDIUM): The skill utilizes directory scanning and file system analysis (e.g.,
lsor equivalent file system APIs) to map the project structure. While standard for a coding assistant, these actions provide the necessary primitives to exploit the Indirect Prompt Injection vulnerabilities noted above.
Recommendations
- AI detected serious security threats
Audit Metadata