playground
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute the open command to launch generated HTML files in the user's default browser. Additionally, templates like templates/diff-review.md suggest using git show to retrieve data for the playground.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8) by design. User input from the generated interactive tools is incorporated into subsequent prompts for the AI without strict sanitization.
  - Ingestion points: User comments and feedback collected in templates/code-map.md, templates/diff-review.md, and templates/document-critique.md.
  - Boundary markers: None. Prompt generation logic in the templates performs simple string concatenation without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has the ability to execute shell commands (via open) and generate/modify files.
  - Sanitization: No evidence of input sanitization or escaping before user input is added to the HTML via innerHTML or to the final prompt text.
- [DYNAMIC_EXECUTION]: The skill uses a pattern of generating complete HTML files with embedded JavaScript logic for state management and rendering (e.g., updateAll, renderPreview). While primarily for UI functionality, this runtime code generation is a significant part of the skill's operation.
Audit Metadata