email-designer
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess.run in preview-helper.py to open generated HTML files in the default browser. This facilitates design preview using standard system commands.
- [DYNAMIC_EXECUTION]: The skill instructions involve generating a modified local Python script (html-to-eml.py) to handle file conversion. This uses only standard library components and provided templates.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided text to fill templates, which is its primary function. It provides basic validation and organization for output files.
  - Ingestion points: Placeholder replacement in content-filler.py
  - Boundary markers: Absent in HTML structures
  - Capability inventory: subprocess.run (preview), file writes (output-manager.py)
  - Sanitization: Basic entity replacement for plain-text fallback
- [SAFE]: The skill relies exclusively on the Python standard library, requiring no external packages or remote downloads.
- [SAFE]: No network activity, data exfiltration, or credential access patterns were detected. File operations are restricted to the local environment with sanitized project names.
Audit Metadata