frontend-dev-guidelines

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing non-standard and potentially malicious packages 'react-hook-blog' and '@hookblog/resolvers' (seen in 'resources/complete-examples.md'). These appear to be suspicious naming variations or typosquats of the legitimate 'react-hook-form' and '@hookform/resolvers' libraries, posing a supply-chain risk.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration or hardcoded credentials was found. The patterns for handling authentication and making API requests using 'apiClient' are standard for modern frontend applications.
  • [PROMPT_INJECTION]: No prompt injection attempts or instructions to override the agent's safety protocols were detected in the skill's instructions or metadata.
  • [SAFE]: Aside from the suspicious dependency references, the structural and architectural guidelines for Next.js, React 19, and TanStack libraries align with industry best practices.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 01:00 PM
Security Audit — agent-trust-hub — frontend-dev-guidelines