editorial-collage-deck
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (specifically cross-site scripting within the generated artifact) due to the direct interpolation of untrusted content into HTML.\n
- Ingestion points: User-controlled text from
inputs.json(such astitle,body, andbullets) is ingested by thescripts/compose.tsgenerator script.\n - Boundary markers: Absent; the template does not use delimiters or include instructions for the agent to ignore potentially malicious embedded content in the input fields.\n
- Capability inventory: The skill utilizes
file-writeto generate the HTML file andnode-runtimeto execute the composition logic.\n - Sanitization: Absent; the script interpolates input strings directly into the HTML structure without escaping or validating the content, allowing for the inclusion of arbitrary HTML tags.\n- [EXTERNAL_DOWNLOADS]: The skill's output references external resources from well-known services.\n
- The generated HTML files link to Google Fonts services (
fonts.googleapis.comandfonts.gstatic.com).
Audit Metadata