web-app

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it transforms user input into executable web application code hosted in a sandbox. Without explicit sanitization, malicious user data could lead to cross-site scripting (XSS) in the generated preview.
    • Ingestion points: User requests and data are used by the agent to populate the 'content' field for files like 'index.html' (SKILL.md).
    • Boundary markers: Absent. The skill does not provide instructions for the agent to use delimiters or to disregard instructions embedded within user data.
    • Capability inventory: The skill has the ability to write multiple files and delete existing paths within a remote sandbox environment (SKILL.md, skill-router.json).
    • Sanitization: Absent. There are no requirements or mechanisms specified within the skill to sanitize or validate the content provided by the user before it is published.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of code within a managed E2B sandbox. This is the intended primary purpose of the skill, and E2B is a recognized service for isolated code execution, minimizing risks to the local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:11 AM
Security Audit — agent-trust-hub — web-app