frontend-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill is designed to generate frontend code based on user-provided descriptions. While this is a common vector for indirect injection (where a malicious description could lead to the generation of vulnerable or malicious code), the skill itself does not execute the code or write to the filesystem directly. It returns structured data for the agent to handle.
- Category 4: Unverifiable Dependencies (INFO): The skill references common development dependencies like 'react', 'vue', and 'vitest' in documentation and test templates. These are standard in the industry and are not downloaded or executed by the skill's scripts.
- Category 10: Dynamic Execution (INFO): The skill configuration includes logging hooks ('on_invoke', etc.) that contain string-based code snippets. These are static, hardcoded logging calls and do not involve the execution of untrusted or dynamic user input.
Audit Metadata