structured-data
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill analyzes external data from project files to automate metadata generation. ● Ingestion points: Specifically reads page files (TSX, HTML, Markdown) to extract titles, authors, and other metadata. ● Boundary markers: Lacks delimiters or instructions to ignore embedded commands in the source files being processed. ● Capability inventory: Accesses local files via grep and direct reading; generates executable Next.js code for the user. ● Sanitization: There is no evidence of sanitization or escaping performed on the extracted content before it is interpolated into the generated JSON-LD or React components.
- Command Execution (LOW): Uses the 'grep' utility for scanning existing implementations within the project codebase. ● Evidence: Step 2 explicitly employs grep to search for schema.org contexts and LD+JSON tags. ● Risk: Minimal, as the search patterns are static and used for discovery purposes rather than executing external code.
Audit Metadata