instagram-carousel
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious instructions, obfuscation techniques, or unauthorized data access patterns were identified. The skill's primary function is the generation of UI-focused HTML assets based on a structured design system.
- [PROMPT_INJECTION]: The skill uses instructional language to enforce design and data standards. While it defines an attack surface for indirect prompt injection by instructing the agent to research external data and process user-provided URLs, no malicious intent or exploitation patterns were found.
- Ingestion points: External research for statistics and user-provided website URLs (SKILL.md).
- Boundary markers: Not explicitly defined.
- Capability inventory: Generates self-contained HTML and JavaScript for social media slides.
- Sanitization: No explicit sanitization or validation of researched content is provided.
- [COMMAND_EXECUTION]: The skill generates static JavaScript components for progress indicators and navigation. These are used within the generated HTML output and do not involve the execution of arbitrary shell commands or dangerous runtime logic.
Audit Metadata