Skills
NYC
skills/smithery/ai/frontend-code-review/Gen Agent Trust Hub

frontend-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill defines a process for reading and analyzing untrusted external content (frontend code), creating a significant attack surface for indirect injection via malicious code comments.
  • Ingestion points: Processes .tsx, .ts, and .js files from the filesystem (staged changes or specific file paths).
  • Boundary markers: None. There are no instructions to use delimiters or to disregard instructions found within the code being analyzed.
  • Capability inventory: The agent can suggest and potentially apply fixes ('Would you like me to use the Suggested fix section to address these issues?'), which allows an injector to influence file modifications.
  • Sanitization: No sanitization or filtering logic is present to prevent the agent from obeying embedded instructions in the analyzed files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:59 AM