html-artifact
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from the repository, external systems, and user prompts to generate HTML artifacts (SKILL.md, Step 3). This creates a surface where malicious content in source materials could be rendered as active content in the output.
- Ingestion points: User requests and repository content such as ticket links, file paths, and narrative data.
- Boundary markers: Not explicitly provided in prompt templates to separate user data from HTML structure.
- Capability inventory: File writing via computer:// links to the user's outputs directory.
- Sanitization: Not explicitly instructed, although the skill restricts JavaScript use (SKILL.md, Step 5).
- [DYNAMIC_EXECUTION]: The skill generates HTML, CSS, and small JavaScript snippets at runtime based on user data and predefined design tokens.
- Evidence: Step 4 and 5 of SKILL.md describe assembling HTML from component templates found in references/design-tokens.md.
- Risk: Standard generation of presentation code, which is assessed as low risk due to the explicit prohibition of external libraries and complex scripts.
Audit Metadata