gamified-app
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and provided reference files focus exclusively on generating static user interface prototypes. There are no indications of command execution, file system access, or network exfiltration capabilities across any scripts.
- [EXTERNAL_DOWNLOADS]: The example HTML references typography from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). These are recognized as well-known and trusted services, thus they do not escalate the security verdict.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating user-provided briefs into the generated UI elements. 1. Ingestion points: User brief provided at runtime to populate brand and quest names. 2. Boundary markers: Absent. 3. Capability inventory: Generation of HTML/CSS artifacts via the artifact tag. 4. Sanitization: Absent. The risk is negligible as the output is restricted to static design visualization.
Audit Metadata