frontend-master
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the use of the --yolo flag with the gemini CLI, which bypasses user confirmation for all file modifications and shell commands. This creates a high-autonomy environment where errors or malicious inputs can lead to immediate, irreversible changes to the codebase.
- [PROMPT_INJECTION]: The skill implements a multi-phase pipeline that introduces a risk of indirect prompt injection. It captures the output of an initial image analysis (Phase 1) and interpolates it directly into a high-privilege implementation prompt (Phase 2).
- Ingestion points: External data enters the pipeline through image analysis results stored in /tmp/ui-analysis.md.
- Boundary markers: The skill uses "--- UI ANALYSIS ---" and "--- END ANALYSIS ---" delimiters, which provide structural separation but do not prevent the model from obeying instructions embedded in the analysis data.
- Capability inventory: The skill possesses broad file system modification capabilities via the gemini --yolo command, especially when used with flags like --all-files or --include-directories.
- Sanitization: No sanitization, escaping, or validation is performed on the analysis content before it is interpolated into the executable prompt.
Audit Metadata