build-glance
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill serves as a documentation and development aid for the Glance dashboard software. It encourages secure configuration practices, native feature usage, and provides extensive guidance on avoiding common anti-patterns such as hardcoding credentials.
- [PROMPT_INJECTION]: The skill enables the creation of widgets that fetch and process external data, creating an indirect prompt injection surface as defined in Category 8.
- Ingestion points: External HTTP endpoints used in
custom-apiandextensionwidgets, as documented inSKILL.mdandreferences/custom-api-core.md. - Boundary markers: The skill does not explicitly instruct the agent to include boundary markers or "ignore embedded instructions" warnings in the generated templates.
- Capability inventory: The generated configurations can perform network operations (GET/POST) and render HTML (for extensions).
- Sanitization: The skill recommends basic normalization of external data, such as clamping numeric values and handling null/unavailable states, but does not provide advanced sanitization for free-text ingestion.
- [EXTERNAL_DOWNLOADS]: The skill describes the legitimate use of external HTTP requests to fetch data for display. This is a core feature of the software and is documented with clear instructions to use environment variables for secret management, minimizing risk.
Audit Metadata