competitive-landing-page
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It collects untrusted data from users and external platforms (like G2 or Capterra review quotes) and incorporates this content directly into generated HTML files. There are no boundary markers or sanitization instructions to prevent malicious scripts from being injected into the output.
  - Ingestion points: Product identity, differentiators, testimonials, and competitor review quotes collected in Acts 1 and 2.
  - Boundary markers: Absent. The instructions do not define delimiters for untrusted data.
  - Capability inventory: The skill writes HTML and Markdown files to the local file system.
  - Sanitization: Validation rules focus on marketing quality (e.g., 'not generic') rather than technical security (e.g., escaping HTML characters).
- [EXTERNAL_DOWNLOADS]: The skill instructions include logic to 'fetch' logo SVGs from user-provided URLs if markup is not directly provided. This creates a surface for the agent to interact with untrusted remote servers.
- [COMMAND_EXECUTION]: The skill documentation provides pre-written deployment commands (e.g., vercel --prod, netlify deploy). While intended as user guidance, these can be manipulated by an attacker who successfully performs an injection into the skill's content, potentially tricking a user into running malicious commands.