moai-domain-html-report
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the use of unescaped HTML interpolation for certain data fields.\n
- Ingestion points: The skill processes potentially untrusted content through the
markdownargument defined inSKILL.md.\n - Boundary markers: No boundary markers or safety instructions are present to prevent the agent from obeying instructions embedded within the source markdown.\n
- Sanitization: The skill lacks sanitization for specific interpolation points. Specifically,
references/templates/status.html.mustacheuses triple-brace tags ({{{.}}}) for highlights, andreferences/templates/pr.html.mustacheuses triple-brace tags ({{{why_html}}}) for file change descriptions. This allows raw HTML and JavaScript to be rendered directly into the generated report.\n - Capability inventory: The skill possesses the
Writetool to create artifacts and theBashtool to execute opening commands. A malicious payload in the source data could execute scripts in the user's browser context when following the skill's instructions to open the report.\n- [EXTERNAL_DOWNLOADS]: The skill templates reference external typography resources from trusted services.\n - All templates connect to Google Fonts (
fonts.googleapis.com) to load Noto and JetBrains Mono fonts.\n - Several templates fetch the Pretendard font stack from the jsDelivr CDN (
cdn.jsdelivr.net).\n - These are well-known technology providers and are used legitimately for design consistency as documented in the font policy.\n- [COMMAND_EXECUTION]: The skill instructs the agent to perform local shell operations to facilitate file viewing.\n
SKILL.mddirects the agent to generate and potentially run commands such as!open,!xdg-open, or!startbased on the operating system.\n- This utilizes the
Bashtool to interact with the host environment and invoke the default browser for the generated HTML output.
Audit Metadata