mesop
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references and encourages the use of external scripts and stylesheets from CDNs.
  - Evidence: Documentation in `web-components.md` and `styling-and-layouts.md` for loading JS from `cdn.jsdelivr.net` and external CSS.
  - Risk: This is often combined with the recommendation to use `dangerously_disable_trusted_types=True`, which bypasses critical browser-level XSS protections.
- [COMMAND_EXECUTION] (LOW): Provides standard instructions for running and deploying applications via CLI.
  - Evidence: `mesop main.py` and Docker build commands in `deployment-and-config.md`.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The framework inherently handles untrusted data which can influence agent behavior.
  - Ingestion points: `me.input`, `me.textarea`, and `me.uploader` components in `components-reference.md`.
  - Boundary markers: Not mentioned or enforced in the guidance.
  - Capability inventory: The skill handles event logic that can involve API calls or file operations.
  - Sanitization: Not explicitly addressed; components like `me.markdown` can render malicious content from untrusted sources.
Audit Metadata