htmx-expert
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to review and analyze untrusted user code while having access to powerful tools like Bash and Write.\n
- Ingestion points: User-provided code snippets for review or refactoring (SKILL.md).\n
- Boundary markers: The instructions lack explicit delimiters or mandatory 'ignore' instructions for the content being analyzed.\n
- Capability inventory: The skill has access to Bash, Write, Edit, Read, Grep, and Glob tools.\n
- Sanitization: No input sanitization or validation logic is specified for the processed code.\n- [COMMAND_EXECUTION]: The skill mandates the execution of a shell command ('cat .claude/context/memory/learnings.md') to maintain its internal memory protocol (SKILL.md). This is a functional requirement for context persistence using a local path.
Audit Metadata