workbook-generate
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions focus on pedagogical mapping, UI component selection, and structural consistency for educational document generation.
- [DATA_EXFILTRATION]: The guidelines explicitly forbid data persistence mechanisms such as
localStorage,postMessage, or parent-frame communication. This ensures that any learner-provided data remains in-memory only and is not stored or transmitted externally. - [REMOTE_CODE_EXECUTION]: The skill mandates a 'standalone HTML contract' that excludes CDN-hosted scripts or runtime dependencies. This prevents the inclusion of untrusted remote code in the generated artifacts.
- [PROMPT_INJECTION]: The skill defines a system for transforming markdown content into interactive components. It includes structural safeguards to maintain document integrity during automated generation.
- Ingestion points: Processes external markdown files (
text-*.md,quiz-*.md) as course content. - Boundary markers: Implements a 'fragment contract' with attribute and ID namespacing to isolate content from different modules.
- Capability inventory: Generates self-contained HTML files containing vanilla JavaScript for interactive UI components (e.g., accordions, tabs, and parametric knobs).
- Sanitization: Includes a normalization pass during assembly to verify that generated fragments conform to the allowed component kit and adhere to accessibility standards.
Audit Metadata