frontend-design
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Automated security scans have confirmed the presence of 6 malicious URLs associated with the domain
najaminstitute.comwithin the skill files. These URLs (including paths like/zakatand/about-us) are currently blacklisted and pose a severe risk of redirection to malicious content or phishing attempts. - [PROMPT_INJECTION]: The application implements a data-driven narrative rendering engine in
SourceLinkedText.tsxthat parses custom<cite>tags from evaluation data. This architecture creates an indirect prompt injection surface where the agent could ingest and obey malicious instructions embedded in the charity evaluation JSON files. - Ingestion points: evaluation narrative, headline, and summary fields in
data/charities/charity-*.jsonfiles. - Boundary markers: Absent in the parsing logic; instructions in data are not delimited from the system context.
- Capability inventory: The application has access to Firebase authentication, Firestore write operations (reporting issues and logging donations), and external URL redirection.
- Sanitization: Although
dompurifyis included in the project'spackage.json, it is not utilized in the manual regex-based parsing logic of the evaluation text components.
Recommendations
- AI detected serious security threats
- Contains 6 malicious URL(s) - DO NOT USE
Audit Metadata