frontend-expert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze and refactor user-provided source code, creating a surface for indirect prompt injection where malicious instructions could be embedded in code comments or data structures.
- Ingestion points: The skill ingests untrusted content by reading local project files and source code through the 'Read', 'Grep', and 'Glob' tools.
- Boundary markers: There are no boundary markers or explicit safety instructions to help the agent distinguish between its system guidelines and instructions potentially embedded in the source code it processes.
- Capability inventory: The skill possesses extensive capabilities, including 'Bash', 'Write', and 'Edit', which could be leveraged to perform unauthorized actions if the agent is manipulated by instructions found in user data.
- Sanitization: No sanitization or validation logic is defined to filter or escape content retrieved from the file system before it is processed by the model.
Audit Metadata