Skills
skills/projanvil/mindforge/frontend-svelte/Gen Agent Trust Hub

frontend-svelte

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation includes standard commands for initializing the project and adding components using the bunx shadcn-svelte@latest utility.
  • [COMMAND_EXECUTION]: The skill provides instructions for building and previewing the application using the Bun runtime with commands like bun run build and bun run preview.
  • [PROMPT_INJECTION]: An example provided for blog post rendering uses the {@html} tag to display content from an external API, which serves as a potential surface for indirect injection if not handled with care.
  • Ingestion points: Content is fetched from an API endpoint (/api/posts/${params.slug}) within the SvelteKit load function and passed to the frontend for rendering.
  • Boundary markers: There are no explicit delimiters or instructions provided in the template to ignore or bypass embedded directives in the fetched HTML.
  • Capability inventory: The use of {@html} allows for the execution of client-side scripts or the rendering of arbitrary HTML elements, which could influence an agent's context if it parses the output.
  • Sanitization: The example documentation does not include logic for sanitizing the HTML string before rendering, which is a key security practice when using this directive.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 06:52 AM