frontend
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external documents such as product PRDs and wireframes, which introduces a standard surface for indirect prompt injection.
- Ingestion points: Processes product requirements (PRDs) and wireframe descriptions to generate UI components as defined in SKILL.md.
- Boundary markers: No explicit markers are present to differentiate untrusted requirement data from system instructions.
- Capability inventory: The skill utilizes the 'opencode' tool in build mode to generate and modify files on the filesystem according to instructions in SKILL.md.
- Sanitization: There is no mention of input validation or sanitization for the data contained within the processed requirements.
Audit Metadata