frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill lacks safeguards when ingesting untrusted external data that is then processed using powerful tools. Evidence Chain:
  - (1) Ingestion points: User-provided frontend requirements (components, pages, applications) described in SKILL.md.
  - (2) Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are provided.
  - (3) Capability inventory: The skill utilizes Bash, Write, Edit, Read, Glob, and Grep.
  - (4) Sanitization: Absent; no validation or escaping of user-provided content is performed.

  This creates a surface where malicious instructions hidden in design requests could influence agent actions.
- [Command Execution] (SAFE): Permission to use the Bash tool is intended for local development tasks such as linting, formatting, and building. No instructions for malicious command execution or unauthorized system modification were found within the skill itself.
Audit Metadata