frontend-reviewer

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection because its core function is to ingest and analyze untrusted external content (source code and web pages). There are no boundary markers or sanitization protocols to prevent the agent from following instructions embedded within the reviewed data. The integration with browser automation tools increases the risk, as the agent could be manipulated into performing unintended web actions or revealing sensitive information through the browser context.
      * Ingestion points: Ingests React/TypeScript source code and fetches remote content via playwright_navigate.
      * Boundary markers: None identified.
      * Capability inventory: Includes browser automation via Playwright (navigation, DOM inspection, screenshotting).
      * Sanitization: No logic exists to sanitize or filter code or HTML before processing.
  • [COMMAND_EXECUTION] (LOW): The skill mentions running and configuring tools like ESLint and Prettier. These tools can execute arbitrary code if they load maliciously crafted configuration files (e.g., .eslintrc.js) present in the untrusted code being reviewed.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 11:53 PM