recipe-front-design

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted user input into sub-agent prompts.
      • Ingestion points: User-provided requirements are captured in SKILL.md via the $ARGUMENTS variable and passed to tools like the requirement-analyzer and ui-analyzer.
      • Boundary markers: User input is interpolated directly into prompts (e.g., 'prompt: "Requirements: [user requirements]..."') without explicit delimiters or instructions to ignore embedded commands.
      • Capability inventory: The agent invokes sub-agents that perform file system reads, codebase analysis, and documentation generation.
      • Sanitization: No explicit sanitization or validation of the user input is performed before it is passed to the sub-agents. This risk is mitigated by the required user approval steps at every major workflow phase.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 03:39 AM