tdesign-miniprogram
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill includes components (`t-chat-content`, `t-chat-markdown`) for rendering AI-generated Markdown data. This creates a surface for indirect prompt injection where an attacker could embed malicious instructions in external data processed by the agent.
  - Ingestion points: `content` property in `references/miniprogram-chat/components/chat-content.md` and `references/miniprogram-chat/components/chat-markdown.md`.
  - Boundary markers: Documentation notes that user-generated text is HTML-escaped, but no specific boundary markers or 'ignore' instructions are provided for Markdown content.
  - Capability inventory: Rendering Markdown links, images, and executing click handlers (e.g., `handleLinkTap` in `chat-markdown.md`) for navigation.
  - Sanitization: HTML escaping is mentioned for user-role text to prevent injection in `chat-content.md`.
- [SAFE] (SAFE): Decoded the Base64 string in `references/miniprogram/components/icon.md` within the CSS `@font-face` block. The payload is a standard binary WOFF2 font file used for UI icons and does not contain any executable logic or malicious commands.
Audit Metadata