frontend-improver
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of prompt-based design instructions and architectural guidelines. It does not include any executable scripts, binaries, or dangerous system commands.
- [NO_CODE]: No source code files (e.g., .js, .py, .sh) are included in the skill package; it is entirely composed of Markdown documentation and instructions.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it instructs the agent to read and process untrusted project data to inform its design decisions.
  - Ingestion points: The skill (specifically in references/teach-impeccable.md) scans the project's README, package.json, and source code components to gather context.
  - Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions within the processed project files.
  - Capability inventory: The skill is capable of writing configuration data to the local file system (.impeccable.md and the project's main configuration file).
  - Sanitization: The instructions do not define any sanitization or validation steps for content retrieved from the external codebase before it is used to populate design context.
Audit Metadata