live-site-audit
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted content from external websites and local project codebases.
  - Ingestion points: Untrusted data enters the agent context through live site URLs (accessed via browser tools) and local project files (accessed via Read, Grep, and Glob) as described in SKILL.md.
  - Boundary markers: The prompt templates used for specialist orchestration lack delimiters or instructions to ignore directives embedded within the audited site content.
  - Capability inventory: The skill has access to filesystem tools (Read, Grep, Glob), browser tools (chrome-devtools), and the ability to spawn additional autonomous agents via Task(), creating a significant impact surface if an injection influences the agent's logic.
  - Sanitization: There is no evidence of content sanitization or validation before data is processed by the orchestration logic or specialist agents.
- [COMMAND_EXECUTION]: The skill utilizes powerful filesystem and orchestration tools to perform its auditing functions, creating a broad capability surface.
  - The agent is instructed to perform sequential analysis using the Read, Grep, and Glob tools to inspect local code patterns and configurations, which could potentially expose sensitive files if the audit scope is not properly restricted.
  - In Tier 2 environments, it uses the Task() function to dynamically spawn and direct four separate specialist agents (performance-specialist, accessibility-specialist, security-specialist, code-quality-specialist) to process the project data.
Audit Metadata