garchi-render-content
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to fetch and process data from an external CMS (Garchi), which acts as an untrusted source. This creates a surface for indirect prompt injection where malicious content in the CMS could influence agent behavior during code generation.
  - Ingestion points: Data is fetched from Garchi CMS (pages, sections, data items) via server-side logic.
  - Boundary markers: The skill does not provide explicit boundary markers or 'ignore' instructions for the data being processed by the agent.
  - Capability inventory: The skill involves generating code for network requests (fetching content) and rendering logic (file manipulation or output generation).
  - Sanitization: The skill correctly mandates HTML sanitization ('Sanitize HTML before rendering (XSS)') to prevent cross-site scripting in the final application.
- [External Downloads] (LOW): The skill requires the agent to review an OpenAPI specification from a non-whitelisted domain (garchi.co.uk).
  - Evidence: 'Review OpenAPI spec (https://garchi.co.uk/docs/v2.openapi) (mandatory)'.