landing-page-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified. The skill is designed to ingest and process content from external URLs and screenshots, which could contain hidden instructions to manipulate the agent's output. Evidence chain: 1. Ingestion points: 'SKILL.md' specifies diagnosing a 'page URL, mock, or brief'. 2. Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore embedded instructions in external content. 3. Capability inventory: The skill is limited to text generation and analysis; it has no script execution or file writing capabilities. 4. Sanitization: Absent; the instructions do not include steps to filter or sanitize input from the analyzed pages.
- [NO_CODE] (SAFE): This skill consists solely of Markdown documentation and does not include any Python or Node.js scripts, or shell commands, minimizing its threat profile.
Audit Metadata