frontend-developer

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and obey instructions from external markdown files found in the .claude/rules/frontend/ and .claude/project-rules/frontend/ directories.
      • Ingestion points: Rules are loaded via Glob from .claude/rules/frontend/*.md and .claude/project-rules/frontend/*.md (referenced in SKILL.md).
      • Boundary markers: Absent. The skill explicitly states that 'Rules are the source of truth' and instructs the agent to 'read ALL frontend rules' before starting.
      • Capability inventory: While the skill itself is instructional, it is intended for use by a 'Frontend Developer' agent which typically possesses file-system write capabilities to implement features or refactor code.
      • Sanitization: None. The skill does not describe any validation or filtering of the content within the rules files.
      • Risk: If an attacker can contribute files to these directories (e.g., via a Pull Request), they can inject malicious instructions that the agent will treat as authoritative project conventions, potentially leading to the introduction of vulnerabilities or data leakage in the frontend codebase.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 02:29 AM