frontend-module
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access behaviors were detected. The skill describes a legitimate software module for web development.- [COMMAND_EXECUTION]: The skill documentation describes standard development workflows involving shell commands such as
npm run buildandmyfy run. These are routine for managing frontend assets and starting a local development server.- [PROMPT_INJECTION]: The skill defines an interface for rendering user-provided data into HTML templates using therender_templatefunction. While this presents a standard web application attack surface (Cross-Site Scripting), it is the primary function of the module and relies on standard Jinja2 auto-escaping. - Ingestion points: Data passed to
render_templatein example code blocks. - Boundary markers: Standard Jinja2 template delimiters
{{ ... }}are used. - Capability inventory: The module performs local filesystem writes for project scaffolding when
auto_init=Trueis enabled and renders HTML content. - Sanitization: The module utilizes Jinja2, which provides built-in HTML escaping for template variables by default.
Audit Metadata