Skills
skills/fortunto2/solo-factory/solo-landing-gen/Gen Agent Trust Hub

solo-landing-gen

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. The skill's behavior aligns with its documented purpose of generating marketing copy and scaffolding project files.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests data from local project files (PRDs, READMEs) and has the capability to modify the filesystem or execute shell commands.
  • Ingestion points: Product information is read from PRD, README, or research.md (Step 3).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used for the ingested data.
  • Capability inventory: The skill utilizes Write, Edit, and Bash tools, which allow for filesystem modification.
  • Sanitization: The skill performs structured extraction of specific fields (e.g., "Problem", "Solution", "Features"), which implicitly sanitizes the input by ignoring irrelevant or potentially malicious instruction blocks.
  • [COMMAND_EXECUTION]: The skill requests the Bash tool to detect project frameworks (e.g., Astro or Next.js) by checking for configuration files. This is a legitimate use of the tool for environment detection and scaffolding.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes an MCP tool (mcp__solograph__web_search) to perform web searches for competitor analysis. This is an expected part of the research workflow and does not involve downloading or executing untrusted code.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 09:51 AM