skills/alexeira/skills/html/Gen Agent Trust Hub

html

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run the open <file>.html command on macOS systems to display the generated artifact. This involves executing a shell command to trigger system-level file handling.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest untrusted data from the local environment and process it into HTML artifacts that are intended to be rendered in a browser.
      • Ingestion points: The instructions guide the agent to read codebase files, configuration files (e.g., tailwind.config), and git history to populate the content of the HTML artifacts (SKILL.md).
      • Boundary markers: There are no specific delimiters or instructions to ignore embedded commands provided for the data being interpolated into the HTML templates.
      • Capability inventory: The skill performs file system reads and executes the open command to view results.
      • Sanitization: The instructions do not specify any sanitization or escaping procedures for the content retrieved from the codebase. This could allow malicious code or scripts stored within the codebase (e.g., in documentation or comments) to be executed when the user opens the generated HTML artifact.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 9, 2026, 06:01 PM