html-canvas

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from multiple sources (files, URLs, browser context, MCP queries) to populate generated HTML files (SKILL.md, step 6).
    • Ingestion points: Data enters the agent's context through the sources parameter and tools like WebFetch (SKILL.md, step 6).
    • Boundary markers: The instructions do not mandate the use of delimiters or warnings to ignore instructions embedded in the ingested data.
    • Capability inventory: The skill possesses the ability to write to the file system and execute shell commands via the open utility (SKILL.md, step 12).
    • Sanitization: There is no requirement for the agent to sanitize, escape, or filter external content before interpolating it into the final HTML document.
  • [COMMAND_EXECUTION]: The skill utilizes the shell command open <output_path> to display the generated artifact to the user (SKILL.md, step 12). While this is intended behavior for opening the resulting HTML file in a browser, it involves executing a shell command with a parameter derived from user input.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:48 PM