frontend-strategy

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill demonstrates a vulnerability to indirect prompt injection within its orchestration workflow.
  • Ingestion points: Untrusted data is collected during 'Phase 0: Client Discovery' in SKILL.md, where the user provides business objectives, competitor URLs, and brand details.
  • Boundary markers: The handoff templates used throughout SKILL.md (Phases 1-4) utilize a simple text-based format: Brief: [paste the original client discovery, unchanged]. There are no robust delimiters (such as random nonces or XML tags) or specific instructions to treat the 'Brief' section as untrusted data, making it possible for malicious instructions in the discovery input to hijack downstream agents.
  • Capability inventory: The skill invokes several specialist agents, including seo-specialist (which may use web-browsing tools) and content-marketer. If the discovery input contains hidden instructions, it could influence the behavior of these agents when they process the 'Brief'.
  • Sanitization: The skill explicitly instructs the agent to pass the discovery data 'unchanged' to other specialists, ensuring that no filtering or escaping occurs before the potentially untrusted content is re-interpolated into new prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 01:04 PM
Security Audit — agent-trust-hub — frontend-strategy