sgds-components-combo-box
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill code example for async filtering demonstrates an unsafe data handling pattern.
  * Ingestion points: Results from the fetchUsers(query) call in the script block in SKILL.md.
  * Boundary markers: None; untrusted data is directly embedded into HTML.
  * Capability inventory: The script uses innerHTML to dynamically update the DOM.
  * Sanitization: None; data is concatenated into a template literal without escaping.
Audit Metadata