metadata
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to review HTML metadata, creating a surface for indirect prompt injection from untrusted web content.
- Ingestion points: The skill processes HTML source code during the 'reviewing page head sections' task as described in SKILL.md.
- Boundary markers: The instructions do not specify any delimiters or safety markers to differentiate between the agent's instructions and the content being reviewed.
- Capability inventory: The skill metadata requests access to Bash, Write, and Edit tools, which are powerful capabilities if manipulated via injection.
- Sanitization: No sanitization or content validation is provided for the HTML data processed by the skill.
- [NO_CODE]: The skill does not include any executable scripts or binaries, consisting only of Markdown and JSON configuration files.
Audit Metadata