frontend-checklist-global

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because its core functionality requires processing untrusted external data.
      • Ingestion points: Data enters the context via the audit_url tool (fetching remote HTML) and the review_code tool (processing user-provided snippets) as described in SKILL.md.
      • Boundary markers: The instructions do not specify the use of delimiters or explicit boundary markers to isolate analyzed code from the agent's instructional logic.
      • Capability inventory: The skill's capabilities are focused on network retrieval of public pages and rule-based auditing; it does not include instructions for direct system command execution or sensitive local file access.
      • Sanitization: There is no evidence of sanitization or content validation for the ingested external data before processing.
  • [SAFE]: All external URLs and references (e.g., to frontendchecklist.io) target official vendor domains and documentation, appearing consistent with the skill's intended functionality.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 12:19 PM