ten-by-ten

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script to serve an interactive selection UI.
  • It runs python3 <skill-dir>/scripts/pick-server.py <sheet.html> to initiate a local web server for user interaction.
  • It uses the open command to launch the system's default browser to http://localhost:8777.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where untrusted data is rendered in a browser environment.
  • Ingestion points: AI-generated variations (untrusted content) are directly embedded into an HTML file (sheet.html) created in a sandbox or temporary directory.
  • Boundary markers: There are no explicit security delimiters or "ignore instructions" warnings used when the agent interpolates these variations into the HTML grid.
  • Capability inventory: The local server (scripts/pick-server.py) serves this HTML to the browser, allowing the browser to execute any scripts or HTML tags generated by the model.
  • Sanitization: Neither the skill instructions nor the server script (pick-server.py) escape or sanitize the AI-generated content before it is rendered in the user's browser, which could allow cross-site scripting (XSS) if the model generates a malicious payload.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 20, 2026, 10:50 AM
Security Audit — agent-trust-hub — ten-by-ten