frontend-skill
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No override, bypass, or safety filter removal instructions were detected. The skill focuses entirely on design aesthetics and layout rules.
- [DATA_EXFILTRATION]: No sensitive file access, hardcoded credentials, or network operations were found. The skill does not interact with external APIs or the local filesystem.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any remote script downloads or installations. There are no patterns involving curl, wget, or package managers like npm or pip.
- [COMMAND_EXECUTION]: No shell commands, subprocess calls, or system-level operations are requested or used within the skill instructions.
- [DYNAMIC_EXECUTION]: No use of eval(), exec(), or runtime code generation patterns were identified. The instructions are purely declarative regarding UI layout and design.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided design tasks (ingestion point), it possesses no dangerous capabilities such as network access, file writing, or command execution (capability inventory). Consequently, there is no mechanism for an attacker-controlled input to trigger malicious side effects.
- [OBFUSCATION]: No obfuscated content, Base64 strings, or hidden URLs were found. The instructions are clear and human-readable.
Audit Metadata