frontend-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional, providing best-practice code templates for frontend development without any executable or hidden malicious code.
- [DATA_EXPOSURE]: No hardcoded credentials, API keys, or sensitive file paths were identified; the provided code snippets use generic demonstration endpoints like '/api/markets'.
- [EXTERNAL_DOWNLOADS]: The skill references industry-standard, well-known libraries such as Framer Motion and TanStack Virtual for UI enhancements and virtualization; these are trusted resources within the web development ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The skill describes components and hooks that ingest external data (e.g., via the 'url' prop in DataLoader or 'fetcher' in useQuery), which creates a potential surface for processing untrusted content. Evidence:
  1. Ingestion points: The 'url' prop in the DataLoader component and the 'fetcher' function in the useQuery hook in SKILL.md.
  2. Boundary markers: No specific delimiters are used in the templates, as they are generic coding patterns.
  3. Capability inventory: Use of the 'fetch' API for network requests.
  4. Sanitization: The skill includes an example of manual form validation in the 'CreateMarketForm' snippet to ensure data integrity.
Audit Metadata