frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill uses instructional markers like 'CRITICAL' and 'IMPORTANT' to emphasize design principles; these are used in a benign context and do not attempt to bypass agent safety filters or override system instructions.
- Indirect Prompt Injection (SAFE): While the skill defines a surface for processing user-provided frontend requirements, the capabilities are restricted to text-based code generation with no dangerous tool access.
- Ingestion points: User requirements for components or pages described in the prompt.
- Boundary markers: Absent.
- Capability inventory: Generates UI code (HTML, CSS, JS, React, Vue).
- Sanitization: None identified; the skill relies on the underlying LLM's standard safety layers.
- Data Exposure & Exfiltration (SAFE): No patterns for accessing sensitive files (e.g., SSH keys, credentials) or performing network exfiltration were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill recommends the 'Motion' library but does not include commands to install untrusted packages or execute remote scripts.
Audit Metadata