icp-website-audit
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests and processes untrusted data from external websites during its audit phases.
  - Ingestion points: Automated crawling of client and competitor websites (Phases 2 and 3), and web search results for company research (Phase 1) in SKILL.md.
  - Boundary markers: The instructions do not specify any delimiters or safety prompts to distinguish between system instructions and processed web content.
  - Capability inventory: The skill has the ability to write files to the local file system (within the "clients/" directory) and execute other internal skills like "icp-persona-builder" and "icp-website-review". A successful injection could leverage these capabilities to manipulate saved reports or influence downstream processes.
  - Sanitization: There is no evidence of content sanitization or instruction filtering for fetched web data before it is analyzed by the agent.