html-css-guide
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains instructional content for code generation and does not attempt to override system prompts or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths (~/.ssh, ~/.aws) or unauthorized network operations were found.
- [Obfuscation] (SAFE): The content consists of clear, human-readable markdown and code snippets without encoding or hidden characters.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The 'Tooling' section documents standard development utilities (stylelint, htmlhint, lighthouse, etc.) run via npx. These are well-known industry tools from the official npm registry and are used as intended for auditing and formatting.
- [Privilege Escalation] (SAFE): No use of sudo, administrative commands, or unauthorized permission modifications were detected.
- [Persistence Mechanisms] (SAFE): The skill does not attempt to modify shell profiles, cron jobs, or system services.
- [Indirect Prompt Injection] (SAFE): While the skill defines how to process HTML/CSS data, it does not implement unsafe interpolation of untrusted data into executable contexts.
Audit Metadata