website-finishing-director
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill provides legitimate instructions for website auditing and quality assurance.
- [DATA_EXPOSURE]: The skill requires access to a target website's URL or source code to perform its function. This is standard behavior for auditing tools; no unauthorized data exfiltration or hardcoded credential patterns are present.
- [REMOTE_CODE_EXECUTION]: The content does not contain any commands for remote script execution or unauthorized software installation. Technical notes regarding package management (e.g., npm) are provided as advice for the user's local development environment rather than instructions for the agent to execute.
- [PROMPT_INJECTION]: The instructions are task-oriented and do not contain attempts to override safety filters, bypass constraints, or extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external websites. While this creates a surface for indirect prompt injection—where a website could contain instructions intended to manipulate the audit results—the skill's capabilities are limited to evaluation and reporting. It lacks high-risk capabilities (such as file-system writes or unauthorized network requests) that would make such an injection actionable.
  - Ingestion points: Reads live URL content or accesses the codebase (SKILL.md)
  - Boundary markers: Not explicitly defined for external content ingestion
  - Capability inventory: Reporting and scoring only; no subprocess execution or file-system modifications detected
  - Sanitization: Not explicitly mentioned for the website evaluation process