Skills
skills/duc01226/easyplatform/pbi-mockup/Gen Agent Trust Hub

pbi-mockup

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-controlled artifacts to extract specifications without sanitization.\n
  • Ingestion points: Markdown files located in team-artifacts/pbis/ and team-artifacts/pbis/stories/ (SKILL.md:65, 102).\n
  • Boundary markers: The instructions do not define delimiters or specific "ignore" rules for embedded content when parsing these artifacts.\n
  • Capability inventory: The agent has access to Bash, Write, and Read tools, which could be exploited if malicious instructions in the artifacts are obeyed (SKILL.md:Frontmatter).\n
  • Sanitization: No explicit validation or filtering of the artifact content is described before it is used for generation.\n- [EXTERNAL_DOWNLOADS]: The generated mockups reference external typography assets from a well-known service.\n
  • Evidence: The generated HTML includes a link to Google Fonts (https://fonts.googleapis.com/css2?family=Inter) for styling (SKILL.md:144).
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 07:25 AM