frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No evidence of direct prompt injection, override commands, or safety bypass patterns in the instructional text.
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection.
  1. Ingestion points: The skill explicitly processes user-provided frontend requirements to build components.
  2. Boundary markers: None are defined in the instructions to delimit user input from agent instructions.
  3. Capability inventory: The skill is restricted to generating frontend code (HTML, CSS, JS, React) and does not contain file-write or network-access capabilities.
  4. Sanitization: No sanitization or validation logic is present for user-provided data.

  Severity is LOW because the capability is limited to influence over agent reasoning and output content.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive environment variables, credentials, or file paths was detected.
- [Obfuscation] (SAFE): The content is entirely human-readable with no Base64, zero-width characters, or homoglyphs.
- [No Code] (INFO): This skill contains no scripts, binaries, or configuration files, functioning strictly as a set of natural language instructions.