Skills
skills/famaoai-creator/gemini-skills/html-reporter/Gen Agent Trust Hub

html-reporter

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external Markdown data to generate HTML reports, creating a surface for indirect prompt injection.
  • Ingestion points: Reads content from a file path specified by the user via the input argument in src/index.ts.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the input content as untrusted data within the HTML template.
  • Capability inventory: The skill has the capability to read local files and write to the file system using the @agent/core secure-io wrappers.
  • Sanitization: While the skill includes an escapeHTML utility for the report title, the main markdown body is parsed by the marked library. If the input source is controlled by an attacker and the parser allows raw HTML, it could lead to XSS or downstream injection issues.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes industry-standard, well-known dependencies including marked for markdown parsing and yargs for CLI argument handling. These are trusted sources in the Node.js ecosystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 05:22 PM