pwa-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override agent behavior were found. The language is purely instructional and technical.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or access to sensitive local file paths (like .ssh or .aws) were detected. Network operations are limited to standard 'fetch' calls for connection testing in the offline page.
- Obfuscation (SAFE): No evidence of Base64, zero-width characters, homoglyphs, or other encoding techniques intended to hide malicious intent was found.
- Unverifiable Dependencies (SAFE): The skill references well-known, industry-standard PWA plugins for Vite, SvelteKit, and Next.js. No suspicious or unknown remote scripts are executed.
- Indirect Prompt Injection (LOW): While the skill involves generating files based on user-provided application names and descriptions (an ingestion point), the risk is minimal and characteristic of developer productivity tools. No hazardous capability/sanitization mismatch was identified in the provided assets.
Audit Metadata