dioxus-knowledge-patch
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions targeting agent behavior or safety filters were detected. The content is strictly instructional.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found. Server function examples demonstrate standard header/cookie handling patterns.
- [Obfuscation] (SAFE): All files are in clear, human-readable markdown with no hidden or encoded content.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not perform remote downloads or package installations. It lists standard framework CLI commands (
dx serve,dx build) intended for local developer use. - [Dynamic Execution] (SAFE): Mentions of WASM bundle splitting and hot-patching (
subsecond::call) refer to legitimate framework features for performance and developer experience, not malicious runtime code injection. - [Indirect Prompt Injection] (LOW): The skill documents the
dangerous_inner_htmlattribute, which is a standard feature for rendering raw HTML. The documentation appropriately warns to 'use sparingly' due to potential XSS risks if used with untrusted data, which is standard security guidance for frontend developers.
Audit Metadata