swiss-creative-mode-template

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely within its local environment to generate presentation templates. It does not perform network operations, exfiltrate data, or access sensitive system files like SSH keys or environment secrets.
  • [SAFE]: The JavaScript contained in the provided HTML template is used exclusively for UI interactions such as navigation, theme toggling, and palette manipulation. No obfuscation, dynamic code execution (eval/exec), or external script loading was detected.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted content from a local DESIGN.md file to configure the output style. This is considered low risk and consistent with its primary purpose as a design-aware template generator.
  • Ingestion points: Reads from DESIGN.md to map palette and typography.
  • Boundary markers: No explicit delimiters or instructions are used to separate user data from instructions.
  • Capability inventory: The skill has file_write permissions to output the final index.html artifact.
  • Sanitization: No explicit input validation or sanitization of the design file is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:15 PM
Security Audit — agent-trust-hub — swiss-creative-mode-template