Skills
skills/zhanghandong/makepad-skills/makepad-splash/Gen Agent Trust Hub

makepad-splash

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill describes cx.eval() and script! macros. While these execute code, they are presented as the core intended functionality of the 'Splash' scripting language within the Makepad ecosystem. No malicious command injection or shell escapes were found.
  • [EXTERNAL_DOWNLOADS] (SAFE): References to https://crates.io/crates/makepad-widgets and https://api.example.com are for documentation or illustrative purposes. No suspicious downloads or piped executions (curl|bash) are present.
  • [DATA_EXFILTRATION] (SAFE): Includes examples of http.get and http.post. These are standard API interaction patterns for a scripting language and are not configured to exfiltrate sensitive local data (e.g., SSH keys or environment variables).
  • [PROMPT_INJECTION] (SAFE): The 'CRITICAL' marker in the frontmatter is used as a high-priority trigger for the AI agent to recognize the specific language context, not as an attempt to bypass safety filters or override system instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:21 PM