frontend-design

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The trigger instruction in 'commands/frontend-design.md' uses an override pattern ('follow it exactly as presented to you') to enforce the skill's own design constraints. The phrasing is flagged because it is the same kind of imperative an injected instruction would use, so the skill's prompt gives the model no way to tell trusted from untrusted directives by their wording.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection: it turns arbitrary user-supplied text into code and UI components, so any instructions embedded in that text (for example in a pasted design brief) reach the model as part of the task.
  • Ingestion points: User-provided tasks and framework requirements defined in 'schemas/input.schema.json'.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided templates.
  • Capability inventory: The skill uses the 'Write', 'Edit' and 'Bash' tools, so output derived from injected text can modify files and run shell commands.
  • Sanitization: No evidence of input sanitization or validation of the 'task' string before processing.
  • [COMMAND_EXECUTION]: The 'Memory Protocol' section in 'SKILL.md' instructs the agent to run shell commands ('cat' and 'grep') to read '.claude/context/memory/learnings.md'. This is intended for state management, but it still means the skill routinely executes commands on the local file system, and the file's contents are read back into the agent's context, making the memory file a further ingestion point.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 08:27 AM