starhtml

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file provides instructions to download a validation script (starhtml_check.py) from the author's GitHub repository.
  • [REMOTE_CODE_EXECUTION]: The documentation encourages users to fetch and execute demo scripts from a third-party GitHub repository (github.com/banditburai/starHTML).
  • [COMMAND_EXECUTION]: Installation instructions for the checker tool include commands to move the script to system-level directories (/usr/local/bin/) and modify permissions using chmod +x.
  • [COMMAND_EXECUTION]: The checker tool is described in documentation as having an --update feature that dynamically downloads and replaces the local script with a version from a remote server.
  • [COMMAND_EXECUTION]: The framework includes a js() helper (documented in reference/js.md) that serves as an escape hatch for raw JavaScript execution within HTML attributes, potentially bypassing framework safety measures.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 08:10 PM