web-design
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/deploy.py) using the Python standard library to interact with the Cloudflare API for project deployment.
- [EXTERNAL_DOWNLOADS]: The generated HTML templates reference various frontend assets and libraries (Tailwind CSS, Chart.js, Font Awesome, etc.) from well-known CDN services like jsDelivr, Cloudflare, and unpkg.
- [CREDENTIALS_UNSAFE]: The skill relies on a Cloudflare API token stored in a local configuration file (scripts/config.json). It provides a template (scripts/config.json.example) with placeholders to guide the user in setting up this credential.
- [PROMPT_INJECTION]: The skill demonstrates a vulnerability surface for indirect prompt injection.
  1. Ingestion points: User requests for webpage generation in SKILL.md.
  2. Boundary markers: None identified.
  3. Capability inventory: Local script execution (deploy.py) for network uploads to Cloudflare and file creation.
  4. Sanitization: No explicit sanitization or validation of the generated HTML content is performed before deployment.
Audit Metadata