map-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a significant attack surface for indirect injection by ingesting untrusted external data and possessing high-privilege write capabilities.
- Ingestion points: User-provided inputs for Map Purpose, Markers, Descriptions, and Titles in 'Step 1: Gather Map Requirements'.
- Boundary markers: None identified. The skill lacks instructions to wrap user input in delimiters or explicitly ignore embedded instructions within data fields.
- Capability inventory: The skill has the capability to write multiple file types including 'main.html', 'script.js', 'map-data.json', and 'index.md'.
- Sanitization: There is no mention of escaping, validating, or sanitizing user-provided strings before they are interpolated into the HTML templates or the 'script.js' logic. This allows for XSS if a user provides a marker description containing a script tag.
- External Downloads (LOW): The skill is designed to generate code that fetches external resources.
- Evidence: The 'main.html' template (Step 4) and 'script.js' (Step 6) include hardcoded Leaflet CDN links and various tile layer URLs (e.g., OpenStreetMap, ArcGIS). While these are standard for mapping, the inclusion of third-party scripts from CDNs without integrity checks (Subresource Integrity) is a minor best-practice violation.
Recommendations
- AI detected serious security threats
Audit Metadata