frontend-design

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides instructions for generating functional web code based on untrusted user requirements. This creates a surface for indirect prompt injection where a user could provide instructions that the agent inadvertently includes in the generated code (e.g., Cross-Site Scripting or malicious redirects).
      • Ingestion points: The skill explicitly processes 'frontend requirements' provided by the user (File: SKILL.md).
      • Boundary markers: No explicit markers or 'ignore embedded instructions' warnings are used to separate user data from the generation logic.
      • Capability inventory: The skill is capable of generating 'real working code' including HTML, CSS, JS, React, and Vue, and encourages the use of external libraries like Framer Motion (File: SKILL.md).
      • Sanitization: The skill relies on the underlying LLM's safety guardrails and does not provide specific sanitization or escaping instructions for the generated output.
  • [DYNAMIC_EXECUTION] (LOW): The skill instructs the agent to generate and potentially execute code ('Implement real working code') at runtime based on dynamic templates. While this is the intended purpose of the skill, it represents a standard dynamic execution surface.
  • [PROMPT_INJECTION] (SAFE): No malicious override or bypass markers were detected. The words 'CRITICAL' and 'IMPORTANT' in the markdown are used for emphasis on design quality and do not attempt to subvert safety filters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:42 PM