hwc-stimulus-fundamentals
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill demonstrates processing untrusted external data (JSON in Stimulus values and DOM attributes) which could be used for cross-site scripting (XSS).
- Ingestion points: 'this.jobsValue' in 'references/2023-12-19-stimulus-outlets-api.md' and 'this.fileValue' in 'references/2025-11-25-stimulus-web-share-api.md'.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided examples.
- Capability inventory: The skill uses 'insertAdjacentHTML' for DOM manipulation and 'fetch()' for network operations.
- Sanitization: Absent; the code in 'references/2023-12-19-stimulus-outlets-api.md' uses '.replaceAll()' to inject 'job.id' and 'job.type' into an HTML string which is then inserted into the DOM. This lacks proper escaping, making it vulnerable to indirect injection if the input contains malicious HTML.
- [Data Exposure & Exfiltration] (MEDIUM): The Web Share API example in 'references/2025-11-25-stimulus-web-share-api.md' performs a 'fetch()' on a user-controlled value ('this.fileValue').
- Evidence: 'const response = await fetch(this.fileValue);'. This could be exploited to perform Server-Side Request Forgery (SSRF) or exfiltrate data if the environment allows fetching internal or sensitive URLs.
- [External Downloads] (LOW): The skill references external JavaScript libraries from a CDN.
- Evidence: 'references/2024-06-18-fundamentals-core-web-vitals.md' imports Stimulus and Turbo from 'ga.jspm.io'. While common for development, these are unverifiable at runtime.
Audit Metadata