skills/nexu-io/open-design/tweaks/Gen Agent Trust Hub

tweaks

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and manipulate arbitrary HTML artifacts, creating a surface for indirect prompt injection. Maliciously crafted source HTML could potentially contain instructions that influence the agent's behavior during the wrapping process.
    • Ingestion points: User-provided or agent-generated HTML content (SKILL.md Step 1).
    • Boundary markers: No specific delimiters or instructions to ignore embedded content within the artifact are defined.
    • Capability inventory: The skill outputs HTML with embedded JavaScript that uses localStorage for state management and performs direct DOM manipulation.
    • Sanitization: There is no logic to sanitize or escape the content of the input artifact before it is interpolated into the wrap template.
  • [EXTERNAL_DOWNLOADS]: The skill templates and examples reference external assets from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). These are well-known and trusted services used for legitimate design purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:09 AM