learn-anything
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted sources like GitHub repositories, arbitrary URLs, and PDF files. There are no instructions to sanitize this content or ignore embedded instructions within the source material before rendering. * Ingestion points: Phase 1 (GitHub, WebFetch, PDF tool). * Boundary markers: Absent. * Capability inventory: Generates HTML widgets with embedded JavaScript (Mermaid, p5.js, D3.js). * Sanitization: No escaping or validation is specified for the input data.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic generation of HTML and JavaScript. Since the slide content is derived from untrusted external inputs, this could facilitate the execution of malicious scripts (XSS) within the user's browser context during widget rendering.
- [EXTERNAL_DOWNLOADS]: The HTML template references third-party JavaScript libraries via the jsdelivr.net CDN. These resources are from a well-known and trusted service provider.
Audit Metadata