xhtml-author
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its file-editing capabilities.
- Ingestion points: The skill uses Read, Edit, and Grep tools to interact with existing markup files as described in the allowed-tools metadata.
- Boundary markers: There are no explicit instructions or delimiters defined in the skill documentation to prevent the agent from following instructions that might be embedded within the files it processes.
- Capability inventory: The skill is permitted to use Read, Write, Edit, Glob, and Grep tools, allowing for significant file system modification based on interpreted content.
- Sanitization: The instructions do not specify any sanitization or validation routines for external content before it is processed or used to generate new markup.
Audit Metadata