frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill processes untrusted user requirements, creating a surface for indirect prompt injection (Category 8).
- Ingestion points: Frontend requirements provided by the user (SKILL.md).
- Boundary markers: Absent; user requirements are directly interpreted by the agent.
- Capability inventory: The skill is limited to generating frontend code (HTML, CSS, JS, React, Vue) and does not possess file-writing, network-access, or subprocess-execution capabilities.
- Sanitization: No input validation or sanitization logic is present.
- [Data Exposure & Exfiltration] (SAFE): No evidence of hardcoded credentials, sensitive file path access, or network exfiltration attempts.
- [Remote Code Execution] (SAFE): The skill does not contain patterns for downloading or executing remote scripts.
Audit Metadata