brand-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The generated HTML document includes references to Google Fonts, which is a well-known and trusted service for web typography.
- [PROMPT_INJECTION]: The skill operates on user-provided inputs and local image files to assemble the brand book. While it lacks explicit instruction-isolation markers, it includes sanitization measures to handle the risks of processing untrusted data. (1) Ingestion points: User-defined brand parameters and local logo files (SKILL.md). (2) Boundary markers: Absent. (3) Capability inventory: File read and write operations (SKILL.md). (4) Sanitization: The HTML template (references/html-brand-book-template.md) specifically uses safe DOM methods like textContent to prevent script injection in the final output.
- [SAFE]: Analysis of the skill's logic, scripts, and templates reveals no malicious behavior, obfuscation, or unauthorized data exfiltration. The skill's functionality aligns with its described purpose and follows security best practices for handling user assets and external resources.
Audit Metadata