interactive-explainer

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to automatically execute shell commands (open, xdg-open, or start) to launch generated HTML files in the default web browser.
  • [EXTERNAL_DOWNLOADS]: The skill references and encourages the use of external JavaScript libraries from well-known CDNs including cdnjs, unpkg, and jsdelivr.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. Ingestion points: Untrusted source material and sibling skill output (linear-walkthrough) are processed in SKILL.md. Boundary markers: Absent; there are no instructions to delimit or ignore embedded instructions in source data. Capability inventory: The skill can perform file-write operations and execute shell commands. Sanitization: Absent; no validation or escaping of external content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 12:02 PM
Security Audit — agent-trust-hub — interactive-explainer