interactive-artifact
Warn
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
resources/layout-and-theme.mdfile contains a shell script snippet for serving the generated artifact. It usespython3 -m http.serverto start a local server andtailscale serveto expose it on the user's tailnet. This facilitates the exposure of local filesystem content over the network.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and XSS through its data rendering patterns. Every finding follows the mandatory evidence chain:\n - Ingestion points: Data objects and Mermaid diagram strings defined in
resources/card-grid.md,resources/tree-and-toc.md, andresources/explorable-diagram.md.\n - Boundary markers: None. There are no delimiters or instructions to treat data as untrusted.\n
- Capability inventory: The skill can execute shell commands (
tailscale,python3) and performs network operations.\n - Sanitization: Absent. The provided examples use
innerHTMLto inject data directly into the DOM and explicitly configure Mermaid withsecurityLevel: 'loose', which permits arbitrary JavaScript execution via diagram click events.\n- [EXTERNAL_DOWNLOADS]: The skill fetches multiple libraries from well-known CDNs (JSDelivr, Unpkg, esm.sh) to support its visualization features, including Chart.js, Tabulator, Diff2Html, React, React Flow, Tailwind CSS, Mermaid, Cytoscape, Vis-timeline, and Shiki.
Audit Metadata