saas-launch-audit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local shell scripts (scripts/tech-audit.sh and scripts/competitor-visibility.sh) to perform technical audits. These scripts use system utilities like curl and openssl to check headers and SSL status. URL arguments are quoted to mitigate basic injection.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external URLs.
  - Ingestion points: Data is fetched from the target URL using WebFetch and browser tools.
  - Boundary markers: The instructions do not define delimiters or ignore-instructions for the external content.
  - Capability inventory: The skill can execute local scripts via Bash and perform web searches.
  - Sanitization: While the audit script extracts the domain for technical checks, the natural language content retrieved is not sanitized before LLM processing.
Audit Metadata