xss-html-injection

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes several payloads designed to exfiltrate sensitive browser data. For instance, it provides scripts to capture document.cookie and localStorage and send them to an external, non-whitelisted domain (attacker.com) via fetch, document.location, or image requests.
  • [EXTERNAL_DOWNLOADS]: The content references external domains for the purpose of logging exfiltrated data and delivering malicious payloads, including references to attacker.com.
  • [CREDENTIALS_UNSAFE]: The documentation features a 'Phishing form injection' template which is explicitly designed to capture user credentials and submit them to an external, attacker-controlled URL.
  • [PROMPT_INJECTION]: The skill provides a detailed 'Filter Bypass Techniques' section, which teaches the use of obfuscation, encoding (such as Base64 and HTML entities), and tag variations to circumvent security filters and execute unauthorized scripts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 07:01 PM