supporting-custom-elements
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The content consists of legitimate technical documentation and examples. No attempts to bypass agent constraints or override system instructions were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file system paths, or unauthorized network communication patterns are present in the skill.
- Remote Code Execution (SAFE): The skill does not perform any remote script execution or download untrusted binaries. The referenced package (@material/mwc-button) is a standard library used for example purposes.
- Indirect Prompt Injection (LOW): The skill provides patterns for rendering HTML via Custom Elements. While developers should always sanitize input used in
innerHTML, the skill itself does not expose an exploitable surface to the agent or process untrusted external data in a way that would trigger a vulnerability.
Audit Metadata