icp-website-review
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of instructions and does not include any executable scripts or binary files.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from external websites using WebFetch and WebSearch, including well-known review platforms like G2 and Capterra.
- [PROMPT_INJECTION]: The skill involves processing untrusted external data from websites which creates a surface for indirect prompt injection. 1. Ingestion points: Website content fetched via WebFetch in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: WebFetch, WebSearch, and file-write to local client directories. 4. Sanitization: Absent.
Audit Metadata