decision-board
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The HTML template for the decision board (`assets/board_template.html`) fetches font assets from Google Fonts, which is a well-known and trusted technology service provider.
- [COMMAND_EXECUTION]: The `scripts/serve.py` script executes the `lsof` command via `subprocess.run` to manage local network ports. This is used to find and terminate existing instances of the board server to ensure it can bind to the intended port.
- [DATA_EXFILTRATION]: No external data transmission or exfiltration was detected. The server binds only to the local loopback address (`127.0.0.1`), and the user's choices are saved to a local JSON file on the disk.
- [PROMPT_INJECTION]: The skill processes user-supplied information to build the interactive board, creating a surface for indirect prompt injection. This is well-mitigated by explicit instructions requiring the agent to show the generated specification to the user for manual approval before serving the board.
  - Ingestion points: Decisions and options are extracted from unstructured user materials like chat history or audit logs.
  - Boundary markers: `SKILL.md` contains clear instructions to get user approval of the JSON spec before the render step.
  - Capability inventory: The skill can execute local commands (`lsof`), run a local web server, and write result files to the local filesystem.
  - Sanitization: Content is safely injected into the browser context using `json.dumps` for serialization, and the board template includes a dedicated HTML escaping function for rendering markdown content.
Audit Metadata