frontend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill instructions define a professional persona ('senior frontend engineer') to guide architectural decisions. It contains no attempts to bypass safety filters or ignore prior instructions.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or secrets were found. Authentication patterns are handled via a local
useAuthhook as per best practices. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, reputable industry libraries such as React, MUI, TanStack Query, and Zod. No untrusted or remote script execution (e.g., curl | bash) is present.
- [DATA_EXFILTRATION] (SAFE): No code patterns or network operations were found that would transmit sensitive local data to unauthorized external domains.
- [COMMAND_EXECUTION] (SAFE): The skill is strictly limited to frontend React development and does not invoke system-level commands, shell scripts, or subprocesses.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill demonstrates secure data ingestion patterns by explicitly recommending Zod for schema validation and input sanitization in forms.
- [DYNAMIC_EXECUTION] (SAFE): While the skill utilizes
React.lazyand dynamicimport()for code splitting, these are standard performance optimizations using static paths and do not involve executing untrusted dynamic strings.
Audit Metadata