frontend-dev-guidelines
Warn
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing non-standard and potentially malicious packages 'react-hook-blog' and '@hookblog/resolvers' (seen in 'resources/complete-examples.md'). These appear to be suspicious naming variations or typosquats of the legitimate 'react-hook-form' and '@hookform/resolvers' libraries, posing a supply-chain risk.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration or hardcoded credentials was found. The patterns for handling authentication and making API requests using 'apiClient' are standard for modern frontend applications.
- [PROMPT_INJECTION]: No prompt injection attempts or instructions to override the agent's safety protocols were detected in the skill's instructions or metadata.
- [SAFE]: Aside from the suspicious dependency references, the structural and architectural guidelines for Next.js, React 19, and TanStack libraries align with industry best practices.
Audit Metadata