frontend-design
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: CRITICAL, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The application implements feedback and reporting features (`src/components/FeedbackButton.tsx` and `src/components/ReportIssueButton.tsx`) that capture user-submitted information, including email addresses and text descriptions. This data is transmitted to an external Firebase Firestore instance owned by the skill author.
- [EXTERNAL_DOWNLOADS]: Automated security scanners detected multiple malicious or blacklisted URLs within the skill's data files, specifically pointing to `najaminstitute.com`. These URLs present a risk to the agent or user if they are navigated to during the evaluation process.
- [PROMPT_INJECTION]: The skill includes a repository of system prompts used for data extraction and narrative generation (`data/prompts/`). While these are part of the data pipeline, they represent a potential surface for indirect prompt injection if the external charity sources being processed contain malicious instructions.
Recommendations
- Contains 6 malicious URL(s) - DO NOT USE
Audit Metadata