Skills
skills/ssojet/skills/oidc-hosted-page/Gen Agent Trust Hub

oidc-hosted-page

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill utilizes non-sensitive placeholders such as <my_client_id> and YOUR_CLIENT_SECRET for credentials, correctly instructing users to handle real secrets securely.
  • [SAFE]: Network references are limited to official vendor domains (e.g., auth.ssojet.com), which are legitimate endpoints for the described OIDC functionality.
  • [PROMPT_INJECTION]: Identified an indirect prompt injection surface in PROMPTS.md where user-provided values are interpolated into agent instructions.
  • Ingestion points: Placeholders like {framework} and {my_api_endpoint} in PROMPTS.md allow for external data ingestion.
  • Boundary markers: Missing explicit delimiters to separate user input from instructional text.
  • Capability inventory: Instructions involve file system modification and package installation (npm install).
  • Sanitization: No validation or escaping is applied to the placeholder content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:34 PM