frontend-master
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing local Python scripts (scripts/search.py and scripts/design_system.py) to perform its primary logic and semantic searches across its internal database.
- [PROMPT_INJECTION]: The skill's architecture creates a vulnerability surface for indirect prompt injection through data ingestion.
  - Ingestion points: Phase 1 of the workflow automatically scans project files like package.json and existing design-system/MASTER.md.
  - Boundary markers: Absent; the skill does not use delimiters to wrap ingested content.
  - Capability inventory: The agent can execute local scripts and write markdown files to the filesystem.
  - Sanitization: There is no filtering or validation of content read from project files before processing.
Audit Metadata