frontend-design
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from `.tasks/domain.md` to extract brand information and domain context without using boundary markers or sanitization logic. This data directly influences the generated UI code.
  - Ingestion points: .tasks/domain.md (read during Step 2 of the Required Workflow).
  - Boundary markers: Absent. No delimited instructions are used to separate untrusted file content.
  - Capability inventory: The skill can write and modify project files (Step 7 in SKILL.md) and execute shell commands (npx command in shadcn-setup-and-theming.md).
  - Sanitization: No input validation or escaping of the ingested data is performed.
- [COMMAND_EXECUTION]: The skill workflow requires the agent to run shell commands such as `npx shadcn@latest add` for component installation as described in shadcn-setup-and-theming.md.
- [EXTERNAL_DOWNLOADS]: UI components are downloaded from the official shadcn/ui registry using the npx utility, which is an established and well-known third-party service.
Audit Metadata