shiki-code-blocks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation includes a curl command targeting an external, untrusted domain (fullstackrecipes.com).
- PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8) by fetching untrusted external data. 1. Ingestion points: Data is fetched via curl from an external API. 2. Boundary markers: None identified. 3. Capability inventory: No executable scripts are included in the skill. 4. Sanitization: No sanitization of the fetched markdown content is performed.
Audit Metadata