pretext
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches typography and layout libraries, including `@chenglou/pretext` and `opentype.js`, from well-known and reputable content delivery networks such as `esm.sh` and `jsdelivr.net`.
- [EXTERNAL_DOWNLOADS]: Downloads font binaries in `.woff` format from the `@fontsource` project via `jsdelivr` to enable per-glyph SVG path rendering and analysis.
- [COMMAND_EXECUTION]: Provides a local utility script (`scripts/validate_pretext.py`) designed to lint and validate the best-practice compliance of generated HTML files, including checks for viewport meta tags and font readiness handling.
- [SAFE]: Generated HTML templates implement a secure rendering model by using `CanvasRenderingContext2D.fillText` and `Node.textContent`. These APIs treat user-provided text as data rather than executable code, effectively mitigating the risk of Cross-Site Scripting (XSS) or indirect prompt injection.
- [SAFE]: All external dependencies are version-pinned and sourced from established technology organizations, ensuring a stable and verifiable supply chain for the skill's components.
Audit Metadata