frontend-developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override agent safety filters, reveal system prompts, or bypass restrictions.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or access to sensitive file paths detected. No network operations or external data transmission patterns present.
- [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or encoded content identified.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): While the skill mentions numerous modern web frameworks and libraries (React 19, Next.js 15, Tailwind, etc.), it does not include installation commands or remote script execution (curl|bash). There are no package manifest files (package.json, requirements.txt) associated with the skill.
- [Privilege Escalation] (SAFE): No use of sudo, chmod, or administrative command patterns.
- [Persistence Mechanisms] (SAFE): No attempts to modify startup scripts, cron jobs, or system configurations.
- [Metadata Poisoning] (SAFE): Metadata fields are descriptive and align with the stated purpose of the skill.
- [Indirect Prompt Injection] (LOW): As a frontend development persona, the skill is designed to process user requirements. While it lacks explicit boundary markers for untrusted data, it possesses no dangerous capabilities (network, file-write, or subprocess execution) that could be exploited through injected instructions in user-provided UI requirements.
- [Time-Delayed / Conditional Attacks] (SAFE): No logic gating behavior based on time or environment variables.
- [Dynamic Execution] (SAFE): No use of eval, exec, or runtime compilation of generated code.