knowledge-2-web
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection / XSS (HIGH): The template generator in `scripts/generate-template.js` is highly vulnerable to injection attacks due to unsafe data handling.
  - Ingestion points: Untrusted content from JSON files (e.g., `assets/example-industrial-revolution.json`) is passed directly to the `generateKnowledgeHTML` function.
  - Boundary markers: Absent. There are no mechanisms to distinguish between data and potentially malicious instructions or scripts embedded within the JSON fields.
  - Capability inventory: The skill writes generated HTML to the local file system (`output/knowledge-web/`). This output is intended for rendering in browsers or agents, creating a direct path for script execution or behavioral override.
  - Sanitization: Completely absent. The code uses template literals (e.g., `${title}`, `${description}`) to insert data into the HTML structure without any HTML entity encoding or sanitization.
- Credential Handling (LOW): While the skill supports environment variables, documentation and `scripts/test-gemini-image.py` also demonstrate passing API keys as command-line arguments, which can leak sensitive tokens to other users on the system via process monitoring tools.
Recommendations
- AI detected serious security threats
Audit Metadata