generate-import-html
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill acts on untrusted data, providing an attack surface where instructions embedded in source material could influence agent behavior.
  - Ingestion points: Reads external content and structure from `cleaned.html` and `metadata.json` (originated from the `scrape-webpage` skill).
  - Boundary markers: Absent. The instructions explicitly command a 'COMPLETE content import' and forbid truncation, meaning all source data is processed without delimiters.
  - Capability inventory: The skill writes new files to the filesystem and executes shell commands (`mkdir`, `cp`) using paths derived from input data.
  - Sanitization: No sanitization or validation of input HTML or metadata strings is performed before they are used in filesystem operations.
- [Command Execution] (LOW): The skill utilizes shell commands to manage local directories and assets during the migration process.
  - Evidence: The 'Images Folder Management' section instructs the agent to use `mkdir -p` and `cp -r` to move image folders to locations specified by the `paths.htmlFilePath` property in the metadata. While standard for migration tasks, executing commands based on externally sourced paths is a potential risk factor.