algorithmic-art
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the p5.js library from cdnjs.cloudflare.com, which is a trusted and well-known source for web dependencies.
- [PROMPT_INJECTION]: The skill uses authoritative and repetitive phrasing (e.g., 'CRITICAL', 'MUST stress') to guide the AI's creative output, which is interpreted as a quality-focused behavioral nudge rather than a security risk.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by using untrusted user input to derive algorithmic 'seeds' and code logic. Evidence:
  1. Ingestion points: User requests and 'subtle instructions' provided to the philosophy generation phase in SKILL.md.
  2. Boundary markers: Absent; the skill lacks delimiters or instructions to treat user input as data rather than instructions.
  3. Capability inventory: The agent is tasked with writing and returning a full p5.js algorithm embedded in an HTML artifact.
  4. Sanitization: Absent; the instructions do not require the agent to sanitize or escape user-provided conceptual inputs before code generation.
Audit Metadata