web-components

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill templates demonstrate property and attribute reflection into the DOM using 'innerHTML', which creates a vulnerability surface for indirect injection.
    • Ingestion points: 'getAttribute' calls in 'SKILL.md' (e.g., UserCard, ReactiveElement).
    • Boundary markers: Uses Shadow DOM for style and DOM isolation, but lacks content sanitization logic for attribute-to-HTML interpolation.
    • Capability inventory: Multiple instances of 'innerHTML' assignments across component examples in 'SKILL.md'.
    • Sanitization: None present in the provided snippets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:53 AM