artifact-deck
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines an HTML template that interpolates untrusted user input into a document structure containing JavaScript, creating a surface for indirect prompt injection.
- Ingestion points: User-provided content is inserted into multiple placeholders in templates/arrow-key-deck.html, including {{DECK_TITLE}}, {{ONE_BIG_STATEMENT}}, and {{CALL_TO_ACTION}}.
- Boundary markers: No specific delimiters or safety instructions are used to separate user data from the HTML/JS structure.
- Capability inventory: The resulting artifact contains navigation logic (keyboard events, hash routing), but does not possess capabilities for file system access, shell execution, or network communication.
- Sanitization: The template does not implement or mandate HTML escaping or sanitization of user-provided strings before they are rendered in the slide deck.
Audit Metadata