frontend-specialist

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): The skill explicitly instructs against hardcoding secrets (e.g., in references/cursor_rules_netlify.md) and recommends using encrypted environment variables or secrets management systems.
  • [Indirect Prompt Injection] (LOW): The skill ingests external data: it instructs the agent to fetch current documentation from official websites (e.g., Next.js, Vue, and Tailwind documentation) using tools like WebFetch. This is a functional requirement for the agent's expertise.
      • Ingestion points: WebFetch calls to nextjs.org, vuejs.org, and tailwindcss.com specified in persona files.
      • Boundary markers: None explicitly defined in the prompt templates.
      • Capability inventory: Access to Bash, Write, MultiEdit, and WebFetch tools.
      • Sanitization: The skill provides snippets and instructions for using DOMPurify to sanitize user-generated content in built applications.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): While the skill defines workflows involving build tools (Vite, Webpack, npx), it does not include any automated or suspicious remote script executions (e.g., piped bash scripts).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM