html-pr-writeup

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill does not contain patterns for credential harvesting, unauthorized network communication, or privileged command execution. It primarily focuses on summarizing developer data into localized HTML artifacts.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection due to its core function of processing untrusted repository data.
  • Ingestion points: Pull request diffs, commit history, and issue descriptions gathered via Git and MCP tools (SKILL.md).
  • Boundary markers: Absent. The instructions do not direct the agent to use delimiters or isolation techniques for untrusted repository content.
  • Capability inventory: The skill utilizes file-writing capabilities to save artifacts in ~/artifacts/ (SKILL.md).
  • Sanitization: Absent. No instructions are provided for escaping HTML content or validating input data before it is rendered into the final artifact.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:32 AM
Security Audit — agent-trust-hub — html-pr-writeup