design
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify installing the @chenglou/pretext package from the NPM registry to handle multiline text planning.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection through its website cloning functionality. It directs the agent to replicate the structure and content of external websites provided via URL, which could host malicious instructions intended to manipulate the agent's code generation.
  - Ingestion points: External website content and screenshots accessed via URL (SKILL.md).
  - Boundary markers: None specified; the instructions mandate 1:1 visual parity.
  - Capability inventory: Generates production-ready frontend code (React, JavaScript, Tailwind CSS).
  - Sanitization: No sanitization or filtering of the scraped HTML content is described.
Audit Metadata