xkcd-says-what
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill relies exclusively on Python standard libraries for its operations, eliminating risks associated with unverified external dependencies.
- [SAFE]: Communication is restricted to the official XKCD API and website, which are the intended and expected destinations for the skill's functionality.
- [SAFE]: The implementation includes effective sanitization of external data, specifically using HTML attribute escaping and Markdown symbol escaping to prevent indirect injection.
- [SAFE]: A validation mechanism verifies the availability of remote resources before the skill attempts to modify local files or render content.