frontend-dev-plain-web
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a standard frontend development workflow with clear constraints on tool usage and technology choices (plain HTML/CSS over frameworks).
- [SAFE]: Image sourcing is performed through well-known services (Unsplash, Pexels, Pixabay) and involves local downloading and validation via
desktop-commander, which reduces risks associated with remote content. - [SAFE]: No obfuscation, prompt injection, or suspicious network activities were identified. All tool references (e.g.,
desktop-commander,playwright-skill,chrome-devtools) are used for their intended development and verification purposes. - [SAFE]: The skill defines an ingestion surface for indirect prompt injection by processing external image URLs from search results. However, the workflow mitigates this by treating the inputs as image assets, requiring local storage, and performing browser-based rendering checks, rather than interpreting the input as instructions.
Audit Metadata