frontend-perf
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to analyze and modify external frontend source code while having access to the 'Bash' tool. This creates a risk where malicious instructions hidden in the analyzed code could influence the agent's actions.
  - Ingestion points: The agent uses Read, Glob, and Grep tools to ingest external source code files.
  - Boundary markers: Absent. There are no instructions defining boundaries between system prompts and user-provided code.
  - Capability inventory: The agent has 'Bash', 'Write', and 'Edit' capabilities, allowing for significant system impact if misdirected.
  - Sanitization: No sanitization or validation logic is defined for the content of processed files.
Audit Metadata