poster-hero
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches styling and assets from well-known technology services.
- Loads the Tailwind CSS library via the official CDN at
cdn.tailwindcss.com. - Imports web fonts from the Google Fonts service (
fonts.googleapis.com). - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external text to generate content.
- Ingestion points: User-provided marketing copy, headlines, and feature descriptions are ingested to populate the HTML templates described in
SKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the prompt templates.
- Capability inventory: The skill generates HTML and SVG code which is rendered by the agent or the user's browser.
- Sanitization: No validation or sanitization of the input text is implemented before it is interpolated into the HTML output.
Audit Metadata