makepad-splash
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard technical documentation reference for the Makepad Splash DSL. All documented functionalities are consistent with the stated purpose of assisting with UI scripting and automation.
- [COMMAND_EXECUTION]: The documentation describes the use of
cx.eval()andcx.eval_with_context()for runtime execution of Splash scripts. These are presented as native capabilities of the Makepad framework and are common in dynamic scripting environments. - [EXTERNAL_DOWNLOADS]: The skill includes usage examples for a built-in
httpobject capable of performing GET and POST requests. The examples provided use generic placeholder domains (e.g.,api.example.com) for instructional purposes. - [PROMPT_INJECTION]: The skill contains an operational instruction for the AI to ingest content from a local reference file
./references/splash-tutorial.md. This represents a surface for indirect prompt injection. - Ingestion points: The agent reads from
./references/splash-tutorial.md(relative path). - Boundary markers: No specific delimiters or "ignore instructions" wrappers are defined for the file ingestion.
- Capability inventory: The skill allows the agent to generate code using
cx.eval(runtime execution) andhttp(network access) capabilities. - Sanitization: No sanitization of the documentation content is mentioned before processing.
Audit Metadata