html-style
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to transform untrusted HTML data provided by the user. This creates a vulnerability surface for indirect prompt injection where malicious instructions could be embedded in the input content.
- Ingestion points: The skill reads user-provided HTML as its primary input in both SKILL.md and README.md.
- Boundary markers: No explicit delimiters or instructions to disregard embedded commands within the input HTML are provided.
- Capability inventory: The skill has the capability to inject JavaScript (localStorage and clipboard APIs) and CSS into the final output, and it generates deep links for external applications (Telegram, SMS).
- Sanitization: There are no instructions for sanitizing the untrusted input HTML or the generated output to prevent the execution of malicious scripts or styles.
- [DYNAMIC_EXECUTION]: The skill generates and injects JavaScript snippets into the styled HTML output at runtime. These snippets facilitate browser-side features such as saving text to localStorage (
saveDraft) and accessing the system clipboard. While these are standard UI enhancements, the injection of active content into output derived from untrusted sources without sanitization increases the risk of Cross-Site Scripting (XSS).
Audit Metadata