frontend-security-coder
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No override commands or safety bypass instructions detected. The instructions are aligned with the stated purpose of providing secure coding guidance.
- [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file path access, or unauthorized network operations. The skill focuses on client-side security patterns.
- [REMOTE_CODE_EXECUTION]: No remote script downloads or piped command executions are present. The skill mentions using libraries like DOMPurify as a best practice but does not perform any installations.
- [COMMAND_EXECUTION]: No shell commands, subprocess spawning, or system manipulation instructions identified.
- [OBFUSCATION]: The content is clear and uses standard Markdown formatting. No hidden characters, encoded strings, or homoglyphs were found.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided tasks, it lacks dangerous capabilities (like file writes or network requests) that could be exploited via malicious data. It emphasizes sanitization and validation as its primary function.
- [DYNAMIC_EXECUTION]: The skill does not generate or execute code at runtime. It provides static instructions and refers to a local resource file for examples.
Audit Metadata