build-glance

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill serves as a documentation and development aid for the Glance dashboard software. It encourages secure configuration practices, native feature usage, and provides extensive guidance on avoiding common anti-patterns such as hardcoding credentials.
  • [PROMPT_INJECTION]: The skill enables the creation of widgets that fetch and process external data, creating an indirect prompt injection surface as defined in Category 8.
  • Ingestion points: External HTTP endpoints used in custom-api and extension widgets, as documented in SKILL.md and references/custom-api-core.md.
  • Boundary markers: The skill does not explicitly instruct the agent to include boundary markers or "ignore embedded instructions" warnings in the generated templates.
  • Capability inventory: The generated configurations can perform network operations (GET/POST) and render HTML (for extensions).
  • Sanitization: The skill recommends basic normalization of external data, such as clamping numeric values and handling null/unavailable states, but does not provide advanced sanitization for free-text ingestion.
  • [EXTERNAL_DOWNLOADS]: The skill describes the legitimate use of external HTTP requests to fetch data for display. This is a core feature of the software and is documented with clear instructions to use environment variables for secret management, minimizing risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 05:10 PM
Security Audit — agent-trust-hub — build-glance