frontend-ui-integration

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted external inputs (feature descriptions and API definitions) to modify the codebase and execute commands. This creates a surface where an attacker could influence the generated code to perform unauthorized actions.
    • Ingestion points: File: SKILL.md; Inputs: 'Feature description', 'Relevant APIs', 'Design references'.
    • Boundary markers: Absent. The skill does not define specific delimiters or instructions to ignore embedded commands in the input data.
    • Capability inventory: File modification (components/hooks); Shell execution ('pnpm test', 'pnpm lint').
    • Sanitization: Absent. The skill does not specify any sanitization or validation of the input strings before they are used to generate code logic.
  • Dynamic Execution (MEDIUM): The workflow involves generating source code which is then executed by the environment through test runners and linters. While standard for development, this pattern allows for the execution of dynamically created logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:46 AM