recipe-front-review

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (design documents and codebase implementation files) by passing them as context to various sub-agents. While this is the intended functionality of the tool, it constitutes an indirect prompt injection surface.
    • Ingestion points: Reads from docs/design/*.md and implementation files identified by git diff.
    • Boundary markers: Content is passed within string templates (e.g., 'Design Doc: [path]') without distinct structural delimiters or instructions for agents to ignore embedded commands.
    • Capability inventory: The workflow invokes sub-agents that can write to the filesystem (task-executor-frontend) and creates work plans via TaskCreate.
    • Sanitization: No sanitization of the ingested text is performed before processing.
  • [COMMAND_EXECUTION]: The skill performs local reconnaissance using shell commands.
    • Evidence: Executes ls to locate documentation and git diff to identify modified files. These are standard, read-only developer operations used for context gathering.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 07:34 PM