artifact-plan
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, executable code, or suspicious remote references were found. The skill is designed to structure user-provided technical information into polished HTML artifacts.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it interpolates untrusted user content (e.g.,
{{ORIGINAL_REQUEST_QUOTE}}) directly into HTML templates. Evidence includes ingestion points intemplates/implementation-plan.html,templates/comparison-sheet.html, andtemplates/roadmap.html. Boundary markers and sanitization instructions are absent. However, the capability inventory is limited to document generation with no risky operations like subprocess execution or network calls, making this a standard and acceptable risk for template-based formatting skills.
Audit Metadata