product-showcase
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted content from user-provided URLs to extract feature descriptions and marketing copy. Maliciously crafted content on a target site could potentially influence the agent's logic or the generated output.
  - Ingestion points: Target Application URL (SKILL.md, Workflow Step 2).
  - Boundary markers: No specific delimiters or instructions are provided to the agent to treat site content as untrusted data.
  - Capability inventory: Browser automation (navigation, clicking, screenshotting) and file system writes (HTML and image files).
  - Sanitization: No sanitization or validation of extracted text is performed before it is incorporated into the generated showcase page.
- [DATA_EXFILTRATION]: The skill captures screenshots of the target application, including authenticated sessions. If used on private or internal tools, this could lead to the unintended exposure of sensitive data (such as PII, secrets, or internal business logic) by saving it to the local showcase/screenshots/ directory.
- [COMMAND_EXECUTION]: The workflow instructs the agent to automatically click every navigation item and major UI element within a browser environment. If the agent is authenticated, this systematic interaction could inadvertently trigger state-changing or destructive actions (e.g., 'Delete' or 'Submit') without explicit user confirmation.
Audit Metadata