landing-page-creator
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill logic and templates adhere to security best practices for static content, such as generating self-contained HTML without external script or font dependencies.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating data from external web searches into its generated output.
- Ingestion points: Product research data gathered via
web_searchand user input inSKILL.md(Step 1). - Boundary markers: Absent; research data is interpolated directly into the HTML templates.
- Capability inventory: The skill generates a complete HTML file provided to the user as output.
- Sanitization: No explicit content validation or sanitization rules are defined for the data retrieved from external sources before its inclusion in the HTML.
- [SAFE]: The skill includes a link to
list.affitor.com, which is a vendor-owned resource belonging to the author (affitor).
Audit Metadata