Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill possesses a high-risk Indirect Prompt Injection surface (Category 8). It ingests untrusted metadata from the project's package.json, landing pages, and existing meta tags (Ingestion Points: SKILL.md Phase 1). No boundary markers or delimiters are used when this data is processed. The skill then uses these values to generate new React/Astro components and to modify critical layout files such as layout.tsx or _app.tsx (Capability Inventory: SKILL.md Phase 2 and 4). Because no sanitization or escaping is performed on the extracted strings, a malicious project description could inject code or instructions into the site's codebase.
- COMMAND_EXECUTION (MEDIUM): The skill executes Playwright browser commands and performs significant file system writes, including creating new routes and modifying existing project configuration (SKILL.md Phase 3 and 4). While these align with the skill's stated purpose, the lack of input validation for the data used in these operations creates a risk of misconfiguration or code injection.
Recommendations
- AI detected serious security threats