frontend-agents-a11y-perf-consistency-auditor

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's instructions and reference files are consistent with its stated purpose of auditing UI components and project files. No obfuscation, data exfiltration, or persistence mechanisms were detected.
  • [COMMAND_EXECUTION]: In references/methods.md and references/anti-patterns.md, the skill documentation includes example commands for running local validator scripts using absolute paths (e.g., /home/freek/GitHub/Skill-Package-Workflow-Template/scripts/validate-line-count.js). These are informative examples for the user rather than malicious instructions for the agent.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to read and analyze untrusted project files (*.html, *.js, *.ts, *.css, *.md).
  • Ingestion points: Files are loaded via the 'Read source materially' instruction in SKILL.md.
  • Boundary markers: The instructions do not define specific delimiters or warnings for the agent when processing this untrusted content.
  • Capability inventory: The skill is limited to reading files and generating audit reports; it does not instruct the agent to execute the code it analyzes.
  • Sanitization: No specific sanitization or filtering of the ingested content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 01:01 PM
Security Audit — agent-trust-hub — frontend-agents-a11y-perf-consistency-auditor