Skills
skills/zackbart/skills/scratch-html/Gen Agent Trust Hub

scratch-html

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local shell script, index.sh, to regenerate the index.html dashboard whenever a new file is created.
  • [EXTERNAL_DOWNLOADS]: The index.sh script references typography and style assets from Google Fonts (fonts.googleapis.com and fonts.gstatic.com) to render the generated index dashboard.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection or data poisoning within the generated index.html dashboard.
  • Ingestion points: The index.sh script parses the <title> metadata from all HTML files located in the ~/.scratch/ directory to build the navigation list.
  • Boundary markers: Absent. Titles extracted from external files are interpolated into the dashboard without explicit delimiters or warnings for the agent.
  • Capability inventory: The skill allows the agent to read and write files within the user's home directory (specifically ~/.scratch/) and execute local bash scripts.
  • Sanitization: The script performs minimal sanitization on extracted titles using a basic regular expression (sed -e 's/<[^>]*>//g'), which may be insufficient if a processed file contains malicious instructions or scripts designed to influence the agent or browser.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 05:47 PM
Security Audit — agent-trust-hub — scratch-html