frontend-scaffold
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (design artifacts, task breakdowns, and API contracts), which creates a surface for indirect prompt injection.
  - Ingestion points: Files provided via the 'frontend-design', 'frontend-task-breakdown', and 'backend-api-contract' arguments.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are used when interpolating these inputs into prompts.
  - Capability inventory: The skill has access to shell execution (Task), file writing (Write), and plugin configuration editing (Edit).
  - Sanitization: No evidence of validation or sanitization of input content before processing.
- [COMMAND_EXECUTION]: Executes local shell scripts located in the plugin directory to perform administrative tasks such as ID generation and index updating.
  - Evidence: Calls to 'id-generator.sh' and 'index-updater.sh' via the 'source' command to manage output directories and record project metadata.
Audit Metadata