frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW NO_CODE
Full Analysis
- [SAFE] (SAFE): The skill consists entirely of markdown instructions and metadata. It does not include any executable files (.sh, .py, .js), binaries, or configuration files that could trigger system-level actions.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process user-provided frontend requirements to generate code artifacts.
  - Ingestion points: User requirements provided in the chat context.
  - Boundary markers: None present in the instructions to separate user data from the system's design logic.
  - Capability inventory: The skill only generates code for display/output; it lacks the capability to write to the filesystem, execute subprocesses, or perform network requests.
  - Sanitization: No explicit sanitization or validation of user input is mentioned, but the lack of executable 'sinks' (like eval or exec) mitigates this risk to a negligible level.
Audit Metadata