html-pr-writeup
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain patterns for credential harvesting, unauthorized network communication, or privileged command execution. It primarily focuses on summarizing developer data into localized HTML artifacts.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection due to its core function of processing untrusted repository data.
- Ingestion points: Pull request diffs, commit history, and issue descriptions gathered via Git and MCP tools (
SKILL.md). - Boundary markers: Absent. The instructions do not direct the agent to use delimiters or isolation techniques for untrusted repository content.
- Capability inventory: The skill utilizes file-writing capabilities to save artifacts in
~/artifacts/(SKILL.md). - Sanitization: Absent. No instructions are provided for escaping HTML content or validating input data before it is rendered into the final artifact.
Audit Metadata