dashboard-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill facilitates the generation of HTML files using data provided by users, which inherently creates a potential surface for indirect injection.
  - Ingestion points: Data metrics, labels, and titles are extracted from user input and interpolated into assets/templates/base_template.html and SKILL.md patterns.
  - Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted user data from the template structure.
  - Capability inventory: The skill is capable of writing content to local files (e.g., [name]-dashboard.html).
  - Sanitization: The provided instructions do not specify sanitization or escaping of the user-provided data. However, as this behavior is fundamental to the primary purpose of generating a dashboard and no malicious intent is evident, the risk is considered negligible within this context.
- Data Exposure & Exfiltration (SAFE): No evidence of hardcoded credentials, access to sensitive file paths, or unauthorized network requests was found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install external packages or execute remote scripts; it relies on standard HTML/CSS and SVG rendering.
Audit Metadata