build-review-interface
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of high-level design instructions and requirements for building a browser-based tool. It does not include any executable scripts, command-line operations, or network requests.
- [DATA_EXFILTRATION]: The instructions focus on local data persistence (CSV, SQLite, or JSON) and local file access. There are no patterns suggesting data exfiltration to external domains.
- [INDIRECT_PROMPT_INJECTION]: The skill proactively addresses the risk of processing untrusted data (LLM traces) by requiring the developer to 'Sanitize rendered content,' 'Strip raw HTML,' and 'Disable images... that could be tracking pixels.' These are industry-standard mitigations for the indirect prompt injection surface inherent in annotation tools.
Audit Metadata