frontend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses a role-playing persona ('senior frontend engineer') to establish context for code generation but does not include any instructions to bypass safety filters, ignore system prompts, or reveal internal configurations.
- [Data Exposure & Exfiltration] (SAFE): No sensitive credentials, API keys, or private file paths (e.g., .ssh, .env) are present. The authentication patterns provided are standard for frontend applications and do not involve unauthorized data transmission.
- [Remote Code Execution] (SAFE): No remote script downloads (e.g., curl|bash) or dynamic execution of untrusted code were identified. All code splitting and lazy loading use static, local paths following best practices.
- [Indirect Prompt Injection] (LOW): The skill describes an architecture that integrates with external design and analytics specifications. Evidence: 1. Ingestion: Integrated with 'frontend-design' and 'analytics-tracking' skills (SKILL.md). 2. Boundary markers: Absent in instructions. 3. Capability: Limited to instructional code generation; no executable scripts or system-level capabilities are included. 4. Sanitization: No explicit sanitization of input text is required by the skill.
Audit Metadata