interactive-widget

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a third-party Node.js package @openduo/duoduo-widgets to function.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the duoduo-widget CLI tool and python3 to manage local files and communicate with the remote widget service.
  • [DATA_EXFILTRATION]: User-provided or agent-generated content is transmitted to an external service at https://aidgets.dev to host and share interactive web pages.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it builds HTML pages from processed data without requiring sanitization.
      • Ingestion points: Untrusted data from external sources (e.g., web search results, user input) is interpolated into HTML templates via Python string replacement in SKILL.md and references/html_patterns.md.
      • Boundary markers: The skill suggests using comments like <!-- NEXT --> as delimiters, but these are for structural replacement rather than security boundaries.
      • Capability inventory: The skill can execute shell commands, perform network operations to the widget service, and write to temporary local files.
      • Sanitization: The skill documentation explicitly states "no escaping needed" for content sections, which may encourage the inclusion of raw, potentially malicious HTML or JavaScript from untrusted sources into the final widget view.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 08:25 AM