Skills
skills/copilotkit/opengenerativeui/Master Agent Playbook/Gen Agent Trust Hub

Master Agent Playbook

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches visualization libraries from well-known content delivery networks.
  • References Chart.js from Cloudflare's CDN (cdnjs.cloudflare.com) and Mermaid.js from esm.sh.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides templates for interactive widgets that use innerHTML to render content, creating a potential surface for Indirect Prompt Injection or XSS if the agent populates these with unsanitized data.
  • Ingestion points: Data used to populate SVG elements or step-through content in the templates within SKILL.md.
  • Boundary markers: Absent in the provided HTML/JavaScript templates.
  • Capability inventory: Rendering of HTML/SVG and execution of JavaScript in the response interface.
  • Sanitization: The templates do not include sanitization logic for data interpolated into the DOM.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 08:53 PM
Security Audit — agent-trust-hub — Master Agent Playbook