vanilla-web
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Command Execution (SAFE): The script
scripts/serve.shprovides a local web server using Python's built-in module. This is a common development utility and is safely implemented with quoted variables. - Prompt Injection (SAFE): No malicious override instructions or bypass attempts were found in the skill's markdown files.
- Data Exposure & Exfiltration (SAFE): There are no hardcoded secrets, sensitive file accesses, or external network operations in the skill.
- Indirect Prompt Injection (SAFE): The skill has a standard surface for processing user instructions for web development.\n
- Ingestion points: User instructions processed via
SKILL.md.\n - Boundary markers: None identified.\n
- Capability inventory: Local file system writing and local server execution via
scripts/serve.sh.\n - Sanitization: None detected; the risk is minimal as the skill facilitates local development.
Audit Metadata