frontend-design-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local shell scripts (`scripts/scan_ui_sources.sh` and `scripts/generate_output_skeleton.sh`) to perform repository scanning and directory scaffolding. These scripts take arguments such as the repository root and output paths, which are typical for developer-oriented automation.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill's primary function is to ingest and analyze arbitrary frontend codebases (React, Vue, Angular, etc.), which are external, untrusted data sources.
  - Ingestion points: Source files within the target repository scanned by `scripts/scan_ui_sources.sh`.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions when the agent reads content from the scanned files.
  - Capability inventory: Shell script execution (`scripts/scan_ui_sources.sh`) and file system write access for generating the `ui-ux-spec/` documentation.
  - Sanitization: No sanitization or validation logic is defined to prevent the agent from interpreting instructions embedded in code comments or strings as its own directives.
Audit Metadata