html-report

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, prompt injections, or security vulnerabilities were identified in the skill instructions, templates, or scripts.
  • [COMMAND_EXECUTION]: The scripts/build_report.py script uses subprocess.Popen to open the generated report in the system's default web browser. This is an intended helper function for developer feedback. The implementation is secure as it validates that the target path is an existing file using is_file() and avoids shell command injection by passing arguments as a list.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote code. All logic is performed locally using the Python standard library without external dependencies.
  • [DATA_EXFILTRATION]: No network activity was detected. The skill reads local files and writes the inlined CSS back to the generated report, but does not transmit data to external servers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 05:59 PM
Security Audit — agent-trust-hub — html-report