html-ppt-zhangzara-pink-script
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The template references web fonts from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). These are standard and well-known services used for hosting web assets.
- [PROMPT_INJECTION]: The skill acts as a template for user data, creating a surface for indirect prompt injection where malicious instructions in user inputs could potentially affect the rendering or the agent's behavior during content generation.
- Ingestion points: User-provided headlines, body copy, and metadata are interpolated into the example.html file.
- Boundary markers: No specific boundary markers or 'ignore' instructions are used to delimit user data within the HTML template.
- Capability inventory: The skill includes a browser-side JavaScript component (assets/deck-stage.js) for handling UI state and navigation. It does not include Python, Node.js, or shell scripts for local execution or system interaction.
- Sanitization: There are no explicit sanitization or escaping mechanisms defined for the data being placed into the HTML structure.
Audit Metadata