eng-frontend
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis
  - Ingestion points: The skill is designed to process project files, source code, and integrate with external backend APIs (referenced in SKILL.md under 'Create Modern Web Applications' and 'Your Workflow Process').
  - Boundary markers: None identified. There are no explicit instructions to the agent to ignore or delimit instructions found within the files it reads or the API data it processes.
  - Capability inventory: The skill explicitly allows use of 'bash' (command execution), 'git' (repository manipulation), and 'File ops' (reading/writing files) as documented in the 'Copilot CLI Operations' section.
  - Sanitization: No sanitization or validation logic is described for handling external data before it is used in decision-making or command construction.
Audit Metadata