html-tools

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a development guide for creating client-side HTML/JavaScript utilities, providing standard implementation patterns for storage, file handling, and API communication.
  • [EXTERNAL_DOWNLOADS]: The skill suggests loading libraries from well-known and reputable Content Delivery Networks (CDNs) such as jsDelivr. These sources are considered well-known technology services.
  • Evidence: https://cdn.jsdelivr.net/pyodide/v0.24.1/full/pyodide.js and https://cdn.jsdelivr.net/npm/tesseract.js@4/dist/tesseract.min.js.
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs against hardcoding credentials. It recommends using localStorage to store user-provided API keys at runtime, which is a common pattern for serverless client-side tools to ensure keys are not baked into the source code or transmitted to a backend.
  • [COMMAND_EXECUTION]: While the skill discusses running Python (via Pyodide) or WebAssembly (via FFmpeg/Tesseract) in the browser, these operations occur within the client-side sandbox of the generated tool and are standard use cases for the libraries mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:39 PM
Security Audit — agent-trust-hub — html-tools