claudability-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): The skill ingests untrusted user data (job/profession descriptions) and interpolates it into an HTML template (templates/one-pager.html) to generate a report. This creates an indirect prompt injection surface.
  - Ingestion points: User input provided during the discovery phase.
  - Boundary markers: None specified for the HTML generation process.
  - Capability inventory: The skill uses the Write tool to save files and calls the html-to-pdf and whatsapp skills.
  - Sanitization: There are no instructions for the agent to sanitize or escape user input before placing it in the HTML structure.
- External Downloads (LOW): The HTML template references external resources from Google Fonts (fonts.googleapis.com). This is a trusted source used for UI styling.