frontend-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of instructions designed to bypass agent constraints or override core safety behaviors. The skill maintains a clear focus on its defined role as a code reviewer.
- [DATA_EXFILTRATION]: There are no network operations, hardcoded credentials, or patterns indicating that sensitive user data is being transmitted to external servers.
- [REMOTE_CODE_EXECUTION]: The skill does not contain instructions to download, install, or execute external scripts. Reference materials mention security tools (e.g., Snyk, npm audit) as recommendations for the user rather than automated execution steps.
- [COMMAND_EXECUTION]: No unauthorized shell command patterns or administrative actions were identified within the skill's logic.
- [INDIRECT_PROMPT_INJECTION]: The skill naturally processes external user-provided code, which represents a potential ingestion point for malicious content. However, the skill does not possess dangerous capabilities—such as file system modification or network access—that would be required to exploit this surface. Current instructions are limited to generating analytical reports.
- [DATA_EXPOSURE]: While the skill contains references for identifying sensitive information in code (like API key regex), it does not store, access, or expose any actual credentials or private system files.
Audit Metadata