artifact-explainer
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill incorporates external JavaScript and CSS resources from the official jQuery CDN (code.jquery.com). These resources originate from a well-known service and the skill uses Subresource Integrity (SRI) hashes to verify file authenticity and prevent third-party tampering.\n- [PROMPT_INJECTION]: The skill populates HTML templates with user-provided data via placeholders such as
{{TOPIC_TITLE}}and{{SECTION_WHAT_BODY}}. This represents a surface for indirect prompt injection or Cross-Site Scripting (XSS) if the ingested data contains malicious markup. However, this surface is essential for the skill's primary purpose of creating tailored interactive documents.\n - Ingestion points: templates/explainer.html\n
- Boundary markers: Absent\n
- Capability inventory: HTML and client-side JavaScript artifact generation\n
- Sanitization: Absent
Audit Metadata