digest-website
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches typographic resources from Google Fonts (fonts.googleapis.com) to provide the newspaper-style design specified in the template.
- [COMMAND_EXECUTION]: Executes Git commands (git add, git commit, git push) to automate the deployment of generated files to a remote repository, such as GitHub Pages.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via the processing of untrusted markdown digests.
- Ingestion points: Data is read from files matching the pattern
pm-workspace-docs/status/activity/digest/digest-*.md. - Boundary markers: The skill uses double-brace Handlebars-style interpolation (e.g.,
{{HEADLINE}}) which typically embeds content directly into the DOM without verifying the safety of the input string. - Capability inventory: The skill possesses the ability to write files to the
docs/directory and execute shell commands to push those files to a public-facing repository. - Sanitization: There is no evidence of HTML escaping, content security policy (CSP) generation, or markdown-to-safe-HTML validation in the generation procedure.
Audit Metadata