lit-component
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents architectural patterns for components (such as 'ct-render' and 'Cell'-aware elements) that ingest and render reactive data from the Common Tools runtime. This capability represents an indirect prompt injection surface.
  - Ingestion points: Data enters the component context via 'Cell' properties and the 'ct-render' component as described in 'SKILL.md' and 'references/cell-integration.md'.
  - Boundary markers: The provided implementation templates do not include explicit boundary markers or instructions to isolate or ignore embedded prompts within the reactive data.
  - Capability inventory: The components are designed for UI rendering and 'pattern loading,' which involves runtime execution and display of data-driven interfaces.
  - Sanitization: The guidance does not specify sanitization or escaping procedures for data contained within 'Cells' before it is rendered into the DOM.
Audit Metadata