design-taste-frontend
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and provides a set of design constraints and architectural rules for the AI to follow when generating frontend code.
- [EXTERNAL_DOWNLOADS]: The skill references a well-known placeholder image service (picsum.photos) for UI development purposes. This is a standard industry practice and considered safe.
- [COMMAND_EXECUTION]: The skill instructs the agent to suggest standard package installation commands (e.g., `npm install`) only after verifying their absence in `package.json`. It targets well-known, industry-standard libraries.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user prompts to generate code and commands, creating a potential attack surface.
  - Ingestion points: User chat prompts (untrusted input) guide the UI generation logic.
  - Boundary markers: The skill does not explicitly define markers to separate instructions from user data, though it provides internal rules to the AI.
  - Capability inventory: The skill can suggest shell commands for package management and generates functional JavaScript/TypeScript code.
  - Sanitization: No explicit sanitization or filtering of user input is mentioned within the instructions.
  - Note: This surface is intrinsic to the nature of AI-assisted coding tools and is mitigated by standard model safety guardrails and user review of the generated output.
Audit Metadata