antv-x6-editor

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions employ strict behavioral constraints and override markers (e.g., "核心约束(必须遵守)", "禁止声明...", "不得出现...") to force the model to adhere to specific API versioning and environment restrictions. While intended for technical correctness, these represent behavioral overrides.
  • [EXTERNAL_DOWNLOADS]: Reference files include links to fetch library assets and scripts from trusted and well-known services, including unpkg.com and Alipay's content delivery network (gw.alipayobjects.com). These are standard resources for the AntV ecosystem.
  • [SAFE]: The skill instructions facilitate the creation of custom HTML nodes that ingest potentially untrusted data through the graph's data store.
  • Ingestion points: Data enters the execution context through node.getData() inside Shape.HTML.register callbacks (e.g., in references/core/x6-core-html-shape.md).
  • Boundary markers: Code templates lack delimiters or instructions to ignore embedded commands within the data.
  • Capability inventory: The generated code performs DOM manipulation and uses innerHTML to render properties, which has the capability to execute scripts if the input is not sanitized.
  • Sanitization: The provided examples do not include sanitization or escaping logic for the interpolated data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:13 PM
Security Audit — agent-trust-hub — antv-x6-editor