frontend-starter-kit
Fail
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of 10 community skills from 'mattpocock/skills' and 2 skills from 'malinskibeniamin/skills' using 'bunx skills@latest add'. These downloads originate from third-party repositories, posing a supply chain risk.
- [REMOTE_CODE_EXECUTION]: Installing external skills integrates remote scripts and instructions that function as hooks (e.g., Stop, SessionStart) within the agent's runtime. These hooks can execute arbitrary logic during the agent's operation.
- [COMMAND_EXECUTION]: The setup instructions include direct shell commands to modify the agent's session environment via 'echo >> $CLAUDE_ENV_FILE' and execute a sequential series of configuration skills that alter the local toolchain.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by configuring 24 hooks that process project data.
- Ingestion points: The agent reads and processes configuration files (package.json, biome.jsonc) and source code (src/env.ts) during hook execution.
- Boundary markers: There are no specified delimiters or instructions to ignore embedded content in the processed files.
- Capability inventory: The configured skills possess capabilities for file writing, editing, and subprocess execution across the 24 integrated hooks.
- Sanitization: The skill does not implement sanitization or validation for the data ingested during these automated checks.
Recommendations
- AI detected serious security threats
Audit Metadata