interactive-artifact

Warn

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The resources/layout-and-theme.md file contains a shell script snippet for serving the generated artifact. It uses python3 -m http.server to start a local server and tailscale serve to expose it on the user's tailnet. This facilitates the exposure of local filesystem content over the network.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and XSS through its data rendering patterns. Every finding follows the mandatory evidence chain:\n
  • Ingestion points: Data objects and Mermaid diagram strings defined in resources/card-grid.md, resources/tree-and-toc.md, and resources/explorable-diagram.md.\n
  • Boundary markers: None. There are no delimiters or instructions to treat data as untrusted.\n
  • Capability inventory: The skill can execute shell commands (tailscale, python3) and performs network operations.\n
  • Sanitization: Absent. The provided examples use innerHTML to inject data directly into the DOM and explicitly configure Mermaid with securityLevel: 'loose', which permits arbitrary JavaScript execution via diagram click events.\n- [EXTERNAL_DOWNLOADS]: The skill fetches multiple libraries from well-known CDNs (JSDelivr, Unpkg, esm.sh) to support its visualization features, including Chart.js, Tabulator, Diff2Html, React, React Flow, Tailwind CSS, Mermaid, Cytoscape, Vis-timeline, and Shiki.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 29, 2026, 05:03 AM
Security Audit — agent-trust-hub — interactive-artifact