frontend-design
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the skill's documentation and code examples confirms they are legitimate resources for frontend development.
- [COMMAND_EXECUTION]: The skill includes a Python script 'scripts/contrast-checker.py' for WCAG contrast validation. The script safely extracts hex colors from local files using regular expressions and standard Python libraries.
- [PROMPT_INJECTION]: The design review functionality (local or remote) creates a surface for indirect prompt injection. Untrusted content from websites could contain instructions designed to influence the agent. 1. Ingestion: SKILL.md (Reviewing websites); 2. Boundaries: Absent; 3. Capability inventory: 'Fix issues at source code level' (file modification); 4. Sanitization: Not specified.
Audit Metadata