Skills
skills/artblocks/skills/scaffold-art-script/Gen Agent Trust Hub

scaffold-art-script

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by instructing the agent to process and convert existing user-provided art scripts.
  • Ingestion points: User-provided art scripts used as the source for conversion into Art Blocks format (SKILL.md).
  • Boundary markers: None explicitly provided to separate the user's code content from the agent's internal instructions.
  • Capability inventory: The skill utilizes the scaffold_artblocks_project tool to generate and output HTML and JavaScript files.
  • Sanitization: No validation or sanitization steps are defined for the user-provided code before it is incorporated into the scaffolding process.
  • [SAFE]: The skill uses vendor-specific MCP resources and tools. Accessing the artblocks://generator-spec resource and using the scaffold_artblocks_project tool are legitimate operations within the Art Blocks developer environment.
  • [SAFE]: The skill references established libraries like p5.js and Three.js within their standard functional context for generative art, posing no unusual risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 05:26 PM