Skills
skills/dev-goraebap/sveltekit-custom-skills/html-prototype/Gen Agent Trust Hub

html-prototype

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands to manage dependencies via npm install and to run the extract_pdf_text.js script for processing PDF files.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the pdf-parse library from the NPM registry during its setup phase.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill parses untrusted user-provided documents (PDF, Markdown, or Text) to generate executable code without sanitization.
  • Ingestion points: User-specified files and the screen-design/ directory.
  • Boundary markers: No delimiters or instructions are used to distinguish untrusted data from the agent's generation logic.
  • Capability inventory: The skill uses Bash tools to read local files and write HTML/JS prototypes.
  • Sanitization: The skill does not perform validation or sanitization on text extracted from source documents before code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 02:20 AM