algorithmic-art
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's HTML template fetches the p5.js library from Cloudflare's CDNjs repository. This is a well-known and trusted Content Delivery Network for web dependencies.\n- [PROMPT_INJECTION]: The skill's design establishes a surface for indirect prompt injection because user-supplied creative concepts are utilized to generate executable JavaScript code.\n
- Ingestion points: Aesthetic descriptions provided by the user are used as the 'conceptual seed' in SKILL.md to guide the synthesis of generative art logic.\n
- Boundary markers: The skill does not implement delimiters or safety instructions to ensure that code-like patterns or commands within user input are ignored by the agent during generation.\n
- Capability inventory: The agent outputs self-contained HTML artifacts that include JavaScript code (setup, draw, and custom classes) designed to execute within the user's environment.\n
- Sanitization: No explicit validation, filtering, or sanitization of user-provided input is performed prior to its inclusion in the code generation process.
Audit Metadata