coding-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it generates code based on user-supplied queries and external API endpoints.
  - Ingestion points: User input via the --query parameter and placeholders for API endpoints in the SKILL.md file.
  - Boundary markers: None present; the skill lacks instructions to wrap user input in delimiters or to disregard embedded instructions.
  - Capability inventory: The generated code is designed to interact with the DOM and make network requests using the fetch API.
  - Sanitization: The skill focuses on operational error handling (try-catch) rather than sanitizing the inputs used in the generated code.