frontend-design
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by instructing the agent to process user-provided codebases.
  1. Ingestion points: The agent is instructed to read existing frontend files in Step 1.
  2. Boundary markers: No specific delimiters or safety warnings are defined for these inputs.
  3. Capability inventory: The skill is intended for agents that can inspect and edit frontend files.
  4. Sanitization: No explicit validation or filtering of codebase content is required.

  This vulnerability surface is an expected property of the skill's primary function.
- [NO_CODE]: The skill consists entirely of a single markdown file containing instructional text and heuristics. It does not include any scripts, compiled binaries, or automated installation processes.
- [SAFE]: No malicious patterns, such as hardcoded credentials, data exfiltration, or unauthorized command execution, were found in the skill content. All external references point to the legitimate vendor domain.
Audit Metadata