workbook-generate

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's instructions focus on pedagogical mapping, UI component selection, and structural consistency for educational document generation.
  • [DATA_EXFILTRATION]: The guidelines explicitly forbid data persistence mechanisms such as localStorage, postMessage, or parent-frame communication. This ensures that any learner-provided data remains in-memory only and is not stored or transmitted externally.
  • [REMOTE_CODE_EXECUTION]: The skill mandates a 'standalone HTML contract' that excludes CDN-hosted scripts or runtime dependencies. This prevents the inclusion of untrusted remote code in the generated artifacts.
  • [PROMPT_INJECTION]: The skill defines a system for transforming markdown content into interactive components. It includes structural safeguards to maintain document integrity during automated generation.
  • Ingestion points: Processes external markdown files (text-*.md, quiz-*.md) as course content.
  • Boundary markers: Implements a 'fragment contract' with attribute and ID namespacing to isolate content from different modules.
  • Capability inventory: Generates self-contained HTML files containing vanilla JavaScript for interactive UI components (e.g., accordions, tabs, and parametric knobs).
  • Sanitization: Includes a normalization pass during assembly to verify that generated fragments conform to the allowed component kit and adhere to accessibility standards.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 10:51 PM
Security Audit — agent-trust-hub — workbook-generate