htmx-universal-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE] (SAFE): The skill consists entirely of architectural documentation and markdown guidelines. There are no executable scripts, binaries, or configuration files provided.
- [PROMPT_INJECTION] (SAFE): No attempts to override system prompts, bypass safety filters, or use role-play for malicious purposes were detected. The instructional language is benign and educational.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or private secrets are present. Placeholders like '{{ csrfToken }}' are standard template markers and do not constitute a finding.
- [EXTERNAL_DOWNLOADS] (SAFE): No external package managers (npm, pip) or remote script execution (curl/wget) patterns are utilized.
- [DATA_EXFILTRATION] (SAFE): There are no network operations or access to sensitive local file paths (~/.ssh, ~/.aws) that could lead to data exposure.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill discusses processing HTML, it does not define an automated ingestion surface or exploitable capability chain within the skill itself.
Audit Metadata