html-report
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or security vulnerabilities were identified in the skill instructions, templates, or scripts.
- [COMMAND_EXECUTION]: The
scripts/build_report.pyscript usessubprocess.Popento open the generated report in the system's default web browser. This is an intended helper function for developer feedback. The implementation is secure as it validates that the target path is an existing file usingis_file()and avoids shell command injection by passing arguments as a list. - [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote code. All logic is performed locally using the Python standard library without external dependencies.
- [DATA_EXFILTRATION]: No network activity was detected. The skill reads local files and writes the inlined CSS back to the generated report, but does not transmit data to external servers.
Audit Metadata