use-dom

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill demonstrates patterns for ingesting and rendering untrusted data within a WebView component which has a bridge to native functionality.
      • Ingestion points: components/WebChart.tsx (data prop), components/dom-component.tsx (content prop), components/syntax-highlight.tsx (code prop).
      • Boundary markers: Absent; data is interpolated directly into JSX/HTML without explicit delimiters or 'ignore' instructions.
      • Capability inventory: app/index.tsx exposes native bridging capabilities including Alert.alert and potential data storage operations via saveData.
      • Sanitization: Absent; the examples do not illustrate any validation, escaping, or sanitization of the data before it enters the WebView context or is passed back to native callbacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:40 PM