frontend-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill identifies a surface for indirect prompt injection by processing untrusted frontend code files (.tsx, .ts, .js).
- Ingestion points: Untrusted source code files from pending changes or specific file paths.
- Boundary markers: No explicit markers or instructions to ignore embedded prompts within comments are provided.
- Capability inventory: The skill is designed to suggest and apply code fixes, implying write access to the filesystem.
- Sanitization: No sanitization of the input source code is defined.
- [NO_CODE] (SAFE): The skill consists entirely of markdown instructions (SKILL.md) and does not include any executable scripts, binaries, or external dependencies.
Audit Metadata