frontend-design
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill metadata in SKILL.md contains deceptive author information. It identifies 'anthropics' as the author, which conflicts with the actual uploader identity ('wyc7758775'). This constitutes metadata poisoning as it may lead users to incorrectly trust the skill as an official artifact from a well-known organization.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill processes untrusted user requirements and technical constraints (SKILL.md).
- Boundary markers: Absent. There are no clear delimiters or instructions to the agent to ignore or isolate instructions contained within user-provided data.
- Capability inventory: The skill instructions direct the agent to generate and execute functional code, specifically HTML, CSS, JavaScript, React, and Vue (SKILL.md).
- Sanitization: Absent. The skill does not implement any validation or sanitization logic for the requirements it processes before generating code.
Audit Metadata