frontend-mobile-security-xss-scan

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing eslint-plugin-security via npm. This is a well-known, community-maintained package for flagging security-sensitive patterns in JavaScript code.
  • [COMMAND_EXECUTION]: The instructions include example shell commands for running standard security tools such as ESLint and Semgrep. These operations are routine in security auditing workflows and are presented transparently to the user rather than hidden.
  • [PROMPT_INJECTION]: The skill's primary function is to analyze external code, which creates an inherent surface for indirect prompt injection: text in comments or string literals of the scanned code could be read by the agent as instructions.
    • Ingestion points: Untrusted data enters the agent's context through file system reads (fs.readFile) and the $ARGUMENTS placeholder.
    • Boundary markers: The instructions do not define delimiters that isolate the analyzed code from the agent's own instruction set.
    • Capability inventory: The skill can read local files and recommends running shell-based auditing tools.
    • Sanitization: No explicit sanitization of the input code is performed before analysis. Consuming untrusted code is a requirement of a security scanner, so this surface cannot be removed, only bounded; no evidence of malicious intent was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 02:09 PM