map-generator

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it lacks sanitization for user-provided data.
  • Ingestion points: User input gathered in Step 1 (Map Purpose, Region, Markers, title, descriptions) is used to populate templates in main.html, script.js, and index.md.
  • Boundary markers: The skill does not instruct the agent to use boundary markers or delimiters when processing user-provided content.
  • Capability inventory: The skill creates multiple files on the filesystem (main.html, style.css, script.js, index.md, metadata.json) and modifies the project configuration (mkdocs.yml).
  • Sanitization: No sanitization or validation logic is defined for the placeholders (e.g., {{TITLE}}, {{MARKERS_JSON}}, {{OVERVIEW_TEXT}}). An attacker could provide input containing <script> tags or malicious Markdown that would be executed or rendered in the final output.
  • [EXTERNAL_DOWNLOADS]: The skill references several external resources from well-known and trusted services.
  • Leaflet Library: Fetches leaflet.js and leaflet.css from unpkg.com. The templates correctly include Subresource Integrity (SRI) hashes.
  • Tile Layers: Recommends using map tiles from OpenStreetMap (openstreetmap.org) and Esri (arcgisonline.com). These are established geographic service providers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 08:33 AM
Security Audit — agent-trust-hub — map-generator