Frontend Design
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface via its UI components. Ingestion points: The property_card, ai_insight_panel, and data_table methods in SKILL.md process potentially untrusted data like property addresses, AI insights, and tabular data. Boundary markers: No delimiters or instructions are used to separate the structural UI components from the interpolated data. Capability inventory: The skill makes extensive use of st.markdown(..., unsafe_allow_html=True), which allows for the execution of arbitrary HTML and CSS in the user's browser. Sanitization: There is no evidence of HTML escaping or data validation before the content is rendered, making it susceptible to XSS or indirect prompt injection if the data source is compromised.
- [COMMAND_EXECUTION]: The reference/caching-patterns.md file includes documentation that instructs the user or agent to execute local scripts (e.g., python .claude/scripts/validate-caching.py) to automate caching validation and enforcement. While these are local path references, they represent a documented entry point for command execution within the agent's environment.
Audit Metadata