hugo-sveltia-cms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill suggests installing dependencies from standard registries (NPM and PyPI) and includes a remote script reference to unpkg.com in the admin template. While common in web development, these are external code sources.
- [COMMAND_EXECUTION] (LOW): The skill processes user-provided Markdown files via a Python script for format conversion. This introduces a surface for indirect prompt injection (Category 8) where malicious content in processed files could attempt to influence the agent's behavior, although the capabilities used are task-specific.
Audit Metadata