html-style
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill transforms user-provided HTML by injecting a specific design system through CSS (assets/base.css) and structural classes. This process is restricted to visual enhancement and does not involve executing the input content in a high-privilege context.\n- [SAFE]: JavaScript functionality is limited to hardcoded templates for client-side features. The 'saveDraft' function utilizes browser localStorage for persistence, and 'copyToClipboard' uses the standard navigator API. Neither function performs remote requests or accesses sensitive data.\n- [SAFE]: Data ingestion analysis (Indirect Prompt Injection): 1. Ingestion points: User HTML (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: No network, file-system, or subprocess operations detected across files. 4. Sanitization: Not explicitly performed. The lack of powerful capabilities mitigates the risks associated with untrusted data ingestion.
Audit Metadata