hello-demo
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Command Execution] (LOW): The skill uses the `cp` command in `SKILL.md` to move `assets/hello-demo.html` to the `/mnt/user-data/outputs/` directory. This is a routine operation for delivering artifacts to the user context.
- [Dynamic Execution] (LOW): The provided HTML file contains a hardcoded JavaScript bookmarklet. While bookmarklets can represent a risk, this instance is static, benign (performs an alert), and intended for demonstration.
- [Indirect Prompt Injection] (INFO): The skill lacks an untrusted data ingestion surface, as it only serves static assets.
  1. Ingestion points: None (static asset delivery).
  2. Boundary markers: N/A.
  3. Capability inventory: File copy (`cp`) via subprocess in `SKILL.md`.
  4. Sanitization: N/A.
Audit Metadata