frontend-design

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill has a significant attack surface for indirect prompt injection.
      • Ingestion points: Processes project files (Read/Edit), CSS, and external web content (WebFetch, Playwright navigate/snapshot).
      • Boundary markers: Absent. There are no instructions for the agent to distinguish between design content and malicious instructions embedded in HTML/CSS comments.
      • Capability inventory: Possesses powerful capabilities including Bash, Write, and Edit file access, and browser automation.
      • Sanitization: Absent. The skill does not define methods to sanitize or validate the content of files it reads before processing them.
  • Command Execution (LOW): The skill is granted Bash tool access in its metadata. While no malicious commands are present in the skill's instructions, this high-privilege tool increases the potential impact if the agent is successfully manipulated via injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:32 PM