web-page-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command to verify generated prototypes in prototype-restoration.md. Specifically, it runs `node scripts/check-app-ready.mjs /prototypes/[页面名]` (`[页面名]` is the page-name placeholder). While the instructions specify a naming convention (lowercase letters, numbers, hyphens), the `[页面名]` argument is derived from external page metadata or user input, posing a potential command-injection risk if the agent does not strictly enforce the naming constraint before substituting the value into the command.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt-injection surface: it ingests data from untrusted external web pages and uses that data to generate executable code and documentation.
  - Ingestion points: Data is retrieved from external websites using tools such as `get_page_markdown`, `get_page_theme`, and `get_page_map` (referenced in asset-extraction.md, data-generation.md, and prototype-restoration.md).
  - Boundary markers: The instructions do not define clear delimiters around the retrieved web content, nor do they tell the agent to ignore directions embedded within it.
  - Capability inventory: The skill can write files (`.tsx`, `.css`, `.json`, `.md`) into the local project structure (`src/`, `temp/`) and execute a verification script via `node` (as noted in prototype-restoration.md).
  - Sanitization: There is no mention of sanitizing or filtering the content fetched from external URLs before it is interpolated into code-generation prompts or written to the filesystem.
Audit Metadata