landing-page-generator

The landing-page-generator appears functionally benign and appropriate for generating static project landing sites. The primary security risks are operational rather than overtly malicious: accidental exposure of sensitive repository content (copied verbatim into public HTML and a client-visible search index), and the power of the generated GitHub Actions workflow (unspecified content) which, if committed, can execute remote actions and misuse repository secrets. No explicit indicators of malware (data exfiltration endpoints, reverse shells, credential-harvesting code) are present in the provided description, but the unspecified workflow and unpinned client-side CDN introduce supply-chain and CI risks. Users should inspect generated workflows and search-data.js, pin third-party libs, and avoid committing outputs without review.