amis-builder
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill uses a local utility script
scripts/search_docs.pyto retrieve Markdown documentation from the official Baidu amis repository on GitHub (raw.githubusercontent.com/baidu/amis). This is documented as a legitimate knowledge-base feature and targets a well-known service. - [DYNAMIC_EXECUTION]: The skill generates HTML preview pages that load the amis SDK from the
unpkg.comCDN. This dynamic loading is necessary for rendering the generated amis schemas in a browser. - [INDIRECT_PROMPT_INJECTION]: The skill maintains a potential surface for indirect prompt injection through its documentation retrieval process.
- Ingestion points: Markdown content fetched from the official
baidu/amisGitHub repository. - Boundary markers: None identified in the prompt templates for external content.
- Capability inventory: Ability to execute Python scripts, perform network requests to GitHub, and write HTML files locally.
- Sanitization: None applied to the fetched documentation before it is presented or processed by the agent.
Audit Metadata