playground
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a 'no external dependencies' policy, ensuring that all generated HTML playgrounds contain only inlined CSS and JavaScript. This practice prevents the loading of potentially malicious third-party scripts and ensures the privacy of the user's data by avoiding external network requests.
- [COMMAND_EXECUTION]: The skill utilizes legitimate environment capabilities, such as opening files in a browser and running `git show` to retrieve repository data. These actions are appropriate for the skill's purpose of building interactive development tools.
- [PROMPT_INJECTION]: Analysis of the Indirect Prompt Injection surface (Category 8):
  1. Ingestion points: Untrusted data enters the agent context through document files, git diffs, and codebase architecture data.
  2. Boundary markers: The generated prompt templates lack explicit delimiters to isolate untrusted content from the rest of the instructions.
  3. Capability inventory: The skill can perform file-write operations and execute specific shell commands (e.g., git).
  4. Sanitization: There is no evidence of HTML escaping or data sanitization in the templates before rendering user-provided content.

  Assessment: These ingestion surfaces are inherent to the tool's function as a reviewer and represent a low risk, categorized here as safe.
Audit Metadata