front-review

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted source code from the user's local filesystem. This creates an attack surface for indirect prompt injection, because malicious instructions could be embedded in the files being reviewed.
      • Ingestion points: Target source files (JS, TS, CSS, HTML, Vue, Svelte, Astro) are read into the agent's context as specified in Step 4 of SKILL.md.
      • Boundary markers: The orchestration logic in SKILL.md does not employ specific delimiters or negative constraints to isolate the user-provided code from the agent's primary instructions.
      • Capability inventory: The skill's capabilities are limited to reading files (Read tool) and finding paths (Glob tool).
      • Sanitization: There is no evidence of sanitization or filtering of the input file content before it is processed for review.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 01:52 PM
Security Audit — agent-trust-hub — front-review