reference-to-landing-page

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE (findings flagged: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes text content, metadata, and accessibility trees from untrusted external URLs.
  • Ingestion points: Untrusted data enters the agent context through the browser_navigate and browser_snapshot tools as described in Step 1 of the workflow in SKILL.md.
  • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from obeying commands embedded within the reference website's content.
  • Capability inventory: The skill has the capability to write new files (pages/*.vue, assets/content/*.json) and execute browser-based JavaScript.
  • Sanitization: There is no evidence of sanitization or validation of the extracted website content before it is used to drive the code generation process.
  • [COMMAND_EXECUTION]: The skill utilizes the browser_execute_javascript tool via the Playwright MCP server. While the script strings provided in the workflow (e.g., document.body.scrollHeight) are static and safe, the use of this capability on arbitrary user-provided pages is a design pattern that requires awareness.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 10:25 PM