frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The skill uses authoritative language such as 'CRITICAL' and 'IMPORTANT', but these are strictly applied to aesthetic choices and design intentionality. There are no attempts to override system prompts, bypass safety filters, or use 'jailbreak' style instructions.
- [Data Exposure & Exfiltration] (SAFE): No commands or instructions for accessing sensitive files, environment variables, or performing network exfiltration were found.
- [Indirect Prompt Injection] (LOW): The skill acts as a template for processing user-provided frontend requirements. While it generates code based on untrusted input, the skill itself lacks side-effect capabilities (like file writing or network access) that would enable a high-severity attack. The risk is inherent to code generation tasks and is well-contained within the design context.
- [External Downloads & Dependencies] (SAFE): The text mentions the 'Motion library for React' (Framer Motion) as a recommendation, but it does not include instructions to download or execute untrusted third-party code at runtime.
- [Obfuscation] (SAFE): The skill is written in clear, plain Markdown with no encoded strings, zero-width characters, or hidden content.
Audit Metadata