html-artifact

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from the repository, external systems, and user prompts to generate HTML artifacts (SKILL.md, Step 3). This creates a surface where malicious content in source materials could be rendered as active content in the output.
  • Ingestion points: User requests and repository content such as ticket links, file paths, and narrative data.
  • Boundary markers: Not explicitly provided in prompt templates to separate user data from HTML structure.
  • Capability inventory: File writing via computer:// links to the user's outputs directory.
  • Sanitization: Not explicitly instructed, although the skill restricts JavaScript use (SKILL.md, Step 5).
  • [DYNAMIC_EXECUTION]: The skill generates HTML, CSS, and small JavaScript snippets at runtime based on user data and predefined design tokens.
  • Evidence: Step 4 and 5 of SKILL.md describe assembling HTML from component templates found in references/design-tokens.md.
  • Risk: Standard generation of presentation code, which is assessed as low risk due to the explicit prohibition of external libraries and complex scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:32 AM
Security Audit — agent-trust-hub — html-artifact