landing-page-intel
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the `requests` library in `scripts/scrape_landing_page.py` to fetch content from external URLs provided via the command line.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It extracts content from external websites, including HTML comments, metadata, and headings, which are then presented to the agent. An attacker could place malicious instructions in these fields on a target website to influence the agent's subsequent actions.
- Ingestion points: `scripts/scrape_landing_page.py` (fetches HTML from external URLs).
- Boundary markers: Absent. The extracted data is returned as plain strings within the JSON or summary output.
- Capability inventory: The skill performs network GET requests.
- Sanitization: Headings are stripped of HTML tags, but most content (including comments and meta tags) is returned as extracted.
Audit Metadata