architecture

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands in Phase 4 to automate git repository updates, including changing global git configuration and pushing content to a remote repository.
  • [CREDENTIALS_UNSAFE]: The process in Phase 4 extracts a GitHub authentication token using the GitHub CLI and stores it in the ~/.git-credentials file, creating a persistent plaintext credential on the local system.
  • [EXTERNAL_DOWNLOADS]: The generated architecture maps are configured to fetch the Mermaid.js library from the JSDelivr CDN at runtime.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted content from the web during its research phase and using it to drive subagent behavior and HTML generation.
      • Ingestion points: Phase 1 subagents use WebSearch and WebFetch on arbitrary external URLs and GitHub repositories.
      • Boundary markers: There are no markers or instructions defined in the skill to prevent the subagents from following instructions embedded in the fetched web content.
      • Capability inventory: The skill has the capability to write files to the local directory and perform git push operations to remote repositories.
      • Sanitization: The skill does not implement sanitization or validation for data retrieved from external sources before it is incorporated into the build process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 02:15 AM