mockup-device-3d
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's example code references official CDNs for Tailwind CSS and Google Fonts. These are well-known, trusted technology services and do not pose a security risk in this context.
- [DATA_EXFILTRATION]: There is no evidence of data exfiltration. The skill specifically mandates the use of CSS and SVG for rendering devices rather than external image URLs, which minimizes exposure to tracking or unauthorized external requests.
- [PROMPT_INJECTION]: The skill instructions do not contain any attempt to override system prompts or bypass safety guidelines. The language is focused on design constraints and structural requirements.
- [INDIRECT_PROMPT_INJECTION]: The skill provides a surface for ingesting user data into the generated HTML. However, as its purpose is strictly for static visual rendering in a localized context, and it contains no executable system capabilities, the risk is minimal. It includes explicit instructions for the AI to use real data instead of placeholders, improving output quality.
- [SAFE]: Overall, the skill follows safe development practices by avoiding unsafe HTML attributes like srcdoc and relying on standard web technologies for its primary purpose.
Audit Metadata