design-website
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its intended function of generating website mockups without any detected security risks. All logic is transparent and focused on the stated purpose.
- [EXTERNAL_DOWNLOADS]: Fetches stock images from Unsplash (via official API) and Lorem Picsum, which are well-known and trusted image services. It also loads typography from Google Fonts.
- [COMMAND_EXECUTION]: Executes local Python scripts (read_prospect.py and generate_website.py) to automate the workflow. These scripts use standard libraries and follow best practices for data handling.
- [DATA_EXFILTRATION]: Accesses prospect data from Google Sheets using user-provided credentials. This data is processed locally to generate the mockup and is not transmitted to any unauthorized external domains.
- [PROMPT_INJECTION]: While the skill ingests external data from Google Sheets, it utilizes html.escape for all interpolated content in the final HTML output, effectively preventing Cross-Site Scripting (XSS) and injection vulnerabilities.
Audit Metadata