map-generator
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it lacks sanitization for user-provided data.
- Ingestion points: User input gathered in Step 1 (Map Purpose, Region, Markers, title, descriptions) is used to populate templates in
main.html,script.js, andindex.md. - Boundary markers: The skill does not instruct the agent to use boundary markers or delimiters when processing user-provided content.
- Capability inventory: The skill creates multiple files on the filesystem (
main.html,style.css,script.js,index.md,metadata.json) and modifies the project configuration (mkdocs.yml). - Sanitization: No sanitization or validation logic is defined for the placeholders (e.g.,
{{TITLE}},{{MARKERS_JSON}},{{OVERVIEW_TEXT}}). An attacker could provide input containing<script>tags or malicious Markdown that would be executed or rendered in the final output. - [EXTERNAL_DOWNLOADS]: The skill references several external resources from well-known and trusted services.
- Leaflet Library: Fetches
leaflet.jsandleaflet.cssfromunpkg.com. The templates correctly include Subresource Integrity (SRI) hashes. - Tile Layers: Recommends using map tiles from OpenStreetMap (
openstreetmap.org) and Esri (arcgisonline.com). These are established geographic service providers.
Audit Metadata