algorithmic-art
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the p5.js library via Cloudflare's CDN (cdnjs.cloudflare.com) and pulls fonts from Google Fonts. These are well-known technology services and are considered safe sources for these assets.
- [PROMPT_INJECTION]: The skill is designed to interpret and transform user input into generative code, which naturally creates a surface for indirect instructions. Ingestion points: User-provided creative prompts are used to establish the 'Conceptual Seed' and 'Algorithmic Philosophy' in SKILL.md. Boundary markers: The instructions do not specify the use of clear delimiters to isolate user-provided text from the generative logic. Capability inventory: The agent is instructed to output .md, .html, and .js files, effectively allowing code execution within the generated p5.js environment. Sanitization: No explicit sanitization or validation of user-provided creative input is performed before it is processed into the generated code.
- [SAFE]: The skill does not exhibit behaviors associated with credential theft, data exfiltration, or persistence. Its functionality is focused on creative code generation within a sandboxed browser environment.
Audit Metadata