moai-domain-html-report

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the use of unescaped HTML interpolation for certain data fields.\n
  • Ingestion points: The skill processes potentially untrusted content through the markdown argument defined in SKILL.md.\n
  • Boundary markers: No boundary markers or safety instructions are present to prevent the agent from obeying instructions embedded within the source markdown.\n
  • Sanitization: The skill lacks sanitization for specific interpolation points. Specifically, references/templates/status.html.mustache uses triple-brace tags ({{{.}}}) for highlights, and references/templates/pr.html.mustache uses triple-brace tags ({{{why_html}}}) for file change descriptions. This allows raw HTML and JavaScript to be rendered directly into the generated report.\n
  • Capability inventory: The skill possesses the Write tool to create artifacts and the Bash tool to execute opening commands. A malicious payload in the source data could execute scripts in the user's browser context when following the skill's instructions to open the report.\n- [EXTERNAL_DOWNLOADS]: The skill templates reference external typography resources from trusted services.\n
  • All templates connect to Google Fonts (fonts.googleapis.com) to load Noto and JetBrains Mono fonts.\n
  • Several templates fetch the Pretendard font stack from the jsDelivr CDN (cdn.jsdelivr.net).\n
  • These are well-known technology providers and are used legitimately for design consistency as documented in the font policy.\n- [COMMAND_EXECUTION]: The skill instructs the agent to perform local shell operations to facilitate file viewing.\n
  • SKILL.md directs the agent to generate and potentially run commands such as !open, !xdg-open, or !start based on the operating system.\n
  • This utilizes the Bash tool to interact with the host environment and invoke the default browser for the generated HTML output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 05:12 AM
Security Audit — agent-trust-hub — moai-domain-html-report