storefront-branding
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages its own runtime environment by automatically installing Node.js dependencies from the public npm registry. The script `scripts/webcrawler/scripts/run-webcrawler.sh` invokes `npm install` or `npm ci` if the dependency directory is not found.
- [COMMAND_EXECUTION]: The skill automates project lifecycle tasks. The `workflow` command in `scripts/webcrawler/src/commands/workflow.js` executes shell commands defined in the project's `package.json` (such as `build`, `typecheck`, and `push`) using `child_process.spawn`.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic module loading. In `scripts/webcrawler/src/lib/fetch-page.js`, the `loadOptionalModule` function uses the `import()` statement with computed paths to dynamically load the `playwright` library if available.
- [PROMPT_INJECTION]: The skill's web scraping capabilities create an indirect prompt injection surface.
  - Ingestion points: Untrusted HTML content is fetched from external URLs in `scripts/webcrawler/src/lib/fetch-page.js`.
  - Boundary markers: The skill lacks explicit markers or instructions to isolate scraped content from the agent's core logic.
  - Capability inventory: The skill can modify sensitive project files (`branding-presets.ts`, `.env`) and execute arbitrary build scripts.
  - Sanitization: While the crawler parses HTML structure, it does not specifically sanitize the resulting text or metadata to prevent malicious instructions from influencing the branding proposal generation process.