frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses natural instructional language ('CRITICAL', 'IMPORTANT') to emphasize design quality and adherence to aesthetic principles. It does not contain instructions to bypass safety filters or ignore system constraints.
- [Indirect Prompt Injection] (SAFE): The skill includes a validation step that uses browser tools (`chrome-devtools_*`) to inspect the generated frontend code. This is a legitimate development workflow where the agent interacts with its own output in a controlled environment. No untrusted external data sources are used to influence the agent's core logic.
- [Data Exposure & Exfiltration] (SAFE): There are no patterns indicating access to sensitive system files (e.g., SSH keys, AWS credentials) or hardcoded secrets. The network operations are limited to the navigation required for UI validation.
- [Remote Code Execution] (SAFE): The skill does not download or execute external scripts, and it does not use dynamic execution functions like `eval()` or `exec()` on untrusted input.
- [Privilege Escalation] (SAFE): No commands for elevating user privileges or modifying system-level configurations were found.
Audit Metadata