solid

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The routing example in src/routes/articles/[slug].tsx uses the innerHTML property to render the article body (<div innerHTML={a().body} />). This facilitates an indirect prompt injection (Cross-Site Scripting) vulnerability if the API response contains malicious scripts.
      • Ingestion points: Fetches data from /api/articles/${slug} in src/routes/articles/[slug].tsx.
      • Boundary markers: None present.
      • Capability inventory: Execution of arbitrary JavaScript in the user's browser context via injected tags.
      • Sanitization: No sanitization or escaping of the HTML content is demonstrated in the code example.
  • [COMMAND_EXECUTION]: The installation section instructs the user to run npx degit solidjs/templates/ts. This command clones a project template from the official SolidJS GitHub organization, which is a well-known and trusted source in the frontend development ecosystem.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 09:15 PM