render-html
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided Markdown and JSON content, which is an inherent surface for indirect prompt injection or XSS.
- Ingestion points: Reads artifact files (MD/JSON) and sidecar state files as input to the rendering process.
- Boundary markers: The skill uses a structured prompt for the independent Codex review step, although it does not implement formal delimiters for the processed content itself.
- Capability inventory: The skill has read/write file access and can execute shell commands via the Bash tool.
- Sanitization: The rendering script (
render_html.py) implements both standard HTML escaping and a dedicated sanitization function to strip dangerous tags (e.g.,<script>,<iframe>) and event handlers. - [EXTERNAL_DOWNLOADS]: The generated reports fetch styling and mathematical rendering assets from
cdn.jsdelivr.net, which is a well-known and trusted content delivery network. - [COMMAND_EXECUTION]: The skill uses
gitcommands to resolve repository-relative paths for metadata inclusion. This is a standard project operation and uses static command arguments.
Audit Metadata