style-guide-generator
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external websites and user-provided files, representing a surface for indirect prompt injection. This is a standard risk for web-analysis tools and is within the skill's primary functional scope.
- Ingestion points: External URLs (via the web_fetch tool), user-uploaded screenshots, and documentation files.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the agent instructions.
- Capability inventory: The skill has the capability to perform network reads via web_fetch, generate PDF files, and execute its bundled Python script.
- Sanitization: No explicit sanitization or validation of the fetched external content is described.
- [COMMAND_EXECUTION]: The skill utilizes a local bundled Python script (scripts/analyze_website.py) to perform the technical analysis of website source code. This script is a vendor-owned resource used for the skill's core functionality.
Audit Metadata