Skills
skills/marimo-team/skills/anywidget-generator/Gen Agent Trust Hub

anywidget-generator

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a template generator for marimo anywidgets, using standard Python and JavaScript patterns.
  • [DATA_EXFILTRATION]: While the skill mentions using pathlib to read external files for JavaScript and CSS content, it contains a specific security instruction: 'Do not read files outside the project (e.g., ~/.ssh, ~/.env, /etc/) or embed their contents in widget output.' This proactive constraint mitigates risks of local file inclusion or data exposure.
  • [REMOTE_CODE_EXECUTION]: The skill uses established libraries (anywidget, traitlets) to bridge Python and JavaScript. It does not perform any remote downloads, piped shell executions, or unauthorized package installations.
  • [PROMPT_INJECTION]: The instructions focus on structural code generation and do not contain any patterns intended to bypass safety filters or override system instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 07:01 PM