frontend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill utilizes natural instructional language to define a senior engineer persona. It does not contain instructions to bypass safety filters or ignore prior rules.
- Data Exposure & Exfiltration (SAFE): While documentation includes examples of user metadata (e.g., email, roles), no code patterns attempt to access sensitive system files or exfiltrate data to external domains.
- Obfuscation (SAFE): No evidence of Base64 encoding, zero-width characters, homoglyphs, or other obfuscation techniques was found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard, reputable packages such as TanStack Query and MUI. No 'curl | bash' patterns or installations from untrusted sources are present.
- Privilege Escalation (SAFE): No commands for escalating privileges (e.g., sudo, chmod) or modifying system configurations were identified.
- Persistence Mechanisms (SAFE): The skill does not contain instructions to modify shell profiles, system services, or scheduled tasks.
- Metadata Poisoning (SAFE): Metadata accurately describes the skill's purpose without hidden malicious instructions.
- Indirect Prompt Injection (SAFE): The skill is a static documentation set and does not ingest or process untrusted external data.
- Time-Delayed / Conditional Attacks (SAFE): No time-gated or environment-triggered malicious logic was detected.
- Dynamic Execution (SAFE): The skill strictly follows standard React/TypeScript patterns and does not use eval(), exec(), or other dynamic code generation techniques.