render-skill

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • Prompt Injection (SAFE): No instructions designed to override behavior or bypass safety guidelines were found.
  • Data Exposure & Exfiltration (SAFE): The skill does not access sensitive files or perform any network operations.
  • Obfuscation (SAFE): The code is transparent and contains no encoded or hidden logic.
  • Indirect Prompt Injection (INFO): Detected a surface for terminal markup injection.
      1. Ingestion points: Untrusted data enters through function parameters in render_task_table, render_task_detail, and render_dashboard.
      2. Boundary markers: Absent.
      3. Capability inventory: Restricted to terminal output via the Rich library; no subprocess, network, or file system write privileges.
      4. Sanitization: Absent; input strings are directly interpolated into Rich markup.
    This could allow an attacker to change the color or style of terminal output, but no execution or exfiltration is possible.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 09:57 AM