landing-page-guide-v2

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using npx shadcn-ui@latest add to install UI components during project setup.
  • [EXTERNAL_DOWNLOADS]: Fetches components and dependencies from the official npm registry via the ShadCN CLI, which is a well-known industry tool.
  • [PROMPT_INJECTION]: The skill processes untrusted user data (product names, descriptions, and features) to generate landing page code, representing a surface for indirect prompt injection.
      • Ingestion points: User-provided brand details and product information are interpolated directly into components such as Hero.tsx and Benefits.tsx.
      • Boundary markers: No specific delimiters or "ignore previous instructions" warnings are used to wrap user-provided data.
      • Capability inventory: The skill performs file system writes (creating components), network access (via npm), and shell command execution.
      • Sanitization: There is no evidence of sanitization or validation logic for external content before it is placed into the generated code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 02:33 AM