develop
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run `npx @subframe/cli@latest sync` to synchronize UI components. This is a legitimate use of the vendor's official command-line utility to maintain the local project state.
- [EXTERNAL_DOWNLOADS]: The skill fetches design specifications and code structures from app.subframe.com and downloads the Subframe CLI. These network operations are directed at the vendor's infrastructure to support the intended design implementation service.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface, as it ingests untrusted design data from a remote API to generate or modify local code files.
  - Ingestion points: Design data is fetched from the Subframe API via the `get_page_info` and `get_component_info` MCP tools, as specified in `SKILL.md`.
  - Boundary markers: No explicit instructions or delimiters are defined to prevent the agent from following instructions that might be embedded within the external design metadata.
  - Capability inventory: The agent is authorized to write new files (e.g., UI components, pages) and to execute shell commands through the Subframe CLI.
  - Sanitization: No explicit sanitization or validation of the remote design content is mentioned in the skill instructions.
Audit Metadata