server-side-rendering
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides template examples that utilize unsafe rendering filters, creating a potential surface for Indirect Prompt Injection or XSS.
- Ingestion points: The skill demonstrates capturing user-provided content through web forms and URL parameters (e.g., in
references/flask-with-jinja2-templates.mdandreferences/nodejsexpress-with-ejs-templates.md). - Boundary markers: The templates do not use specific delimiters or protective instructions to isolate untrusted content from the application's instruction logic.
- Capability inventory: The skill enables the agent to perform database operations and generate dynamic HTML content based on stored data.
- Sanitization: While the "Best Practices" section mentions sanitization, the code snippets in
references/jinja2-template-examples.mdandreferences/ejs-template-examples.mdexplicitly use| safe(Jinja2) and<%-(EJS), which disable automatic HTML escaping and can lead to the execution of malicious scripts if the input is not sanitized beforehand.
Audit Metadata