frontend-ui-ux
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection because it is designed to ingest and act upon untrusted project data while possessing code-writing capabilities.
- Ingestion points: The 'Work Principles' section (Point 3) explicitly instructs the agent to 'Examine existing patterns, conventions, and commit history (git log) before implementing' (SKILL.md).
- Boundary markers: The skill lacks any instructions or delimiters to isolate untrusted data from the agent's core instructions, making it susceptible to malicious commands hidden in the codebase or git history.
- Capability inventory: The skill is authorized to 'implement working code' and 'Execute the exact task' (SKILL.md), which includes the ability to modify files and generate executable frontend logic.
- Sanitization: There are no sanitization or verification steps required for the data analyzed from the repository, allowing untrusted content to directly influence the agent's code generation.
Recommendations
- AI detected serious security threats
Audit Metadata