schema-markup
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for generating JSON-LD and JSX code based on user-provided data, creating a potential indirect prompt injection surface. * Ingestion points: User-provided site content and product details used to populate schema fields (SKILL.md). * Boundary markers: Absent; there are no instructions to use delimiters or warnings to ignore embedded instructions in user data. * Capability inventory: Generates HTML script blocks and Next.js components that are rendered into the DOM. * Sanitization: Absent; the implementation examples (e.g., the Next.js example using 'dangerouslySetInnerHTML') do not include escaping or validation of user-provided strings, which could lead to cross-site scripting (XSS) if the input contains malicious script tags.
- [SAFE]: The skill includes links to official documentation and validation tools from trusted sources including Google and Schema.org.
Audit Metadata