preview-plan

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads required JavaScript libraries from a well-known CDN with integrity verification.
  • Evidence: marked, dompurify, and mermaid are loaded from cdn.jsdelivr.net with SRI hashes in config.sh.
  • [COMMAND_EXECUTION]: Executes system commands to open the default web browser for previewing results.
  • Evidence: run.sh calls open_in_browser from lib/browser-utils.sh, which uses open, xdg-open, or start depending on the operating system.
  • [SAFE]: Implements path traversal protection for input files.
  • Evidence: validate_file_path in lib/browser-utils.sh validates file locations and checks for parent directory traversal patterns.
  • [SAFE]: Secures generated HTML using modern browser security headers and sanitization.
  • Evidence: lib/html-generator.sh applies a restrictive Content Security Policy (CSP), while templates/scripts/plan-renderer.js uses DOMPurify to sanitize markdown-generated HTML.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 09:38 AM