product-showcase
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from user-provided URLs during app exploration, creating a surface for indirect prompt injection.
  * Ingestion points: The agent navigates and captures data from the 'App URL' provided at runtime (SKILL.md).
  * Boundary markers: Absent; there are no instructions to help the agent distinguish between its objective and potential instructions embedded in the target web content.
  * Capability inventory: Browser automation (Chrome/Playwright), file system modification (creating the showcase directory), and shell command execution.
  * Sanitization: Absent; the skill does not specify validation or filtering of the retrieved web content.
- [REMOTE_CODE_EXECUTION]: The skill generates and executes a local Python script using the PIL library to assemble captured screenshots into animated GIFs (SKILL.md).
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for local previewing (python3 http.server) and cloud deployment (npx wrangler deploy).
Audit Metadata