social-proof-widgets
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates strong security practices for handling untrusted data. The provided code snippets use `document.createElement` and `textContent` for rendering customer-derived strings like names and locations. This approach is a standard defense against Cross-Site Scripting (XSS) and prevents indirect prompt injection through poisoned data.
- [SAFE]: Data privacy is maintained through explicit instructions for PII (Personally Identifiable Information) anonymization. The skill directs the user to fetch and display only the customer's first name and city, intentionally excluding sensitive fields such as full names, email addresses, or internal order identifiers.
- [SAFE]: No indicators of malicious behavior, such as unauthorized data exfiltration, hardcoded credentials, or command execution, were found. The skill relies on standard ecommerce platform integrations (Shopify, WooCommerce) and well-documented API patterns.