landing-gen

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses a CLI interface (commander) to perform file system operations. It reads package.json and writes a generated HTML file to the local disk. These are standard operations for a developer tool.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability detected in src/index.ts. The skill reads the entire contents of a package.json file and interpolates it directly into the OpenAI chat completion prompt.
  • Ingestion points: Reads package.json from the project directory in src/index.ts (line 11).
  • Boundary markers: Minimal. It uses a simple newline delimiter (Generate a landing page for this project:\n\n${context}) which is insufficient to prevent an attacker from including malicious instructions inside the description or other fields of the package.json file to hijack the LLM's behavior.
  • Capability inventory: The skill has the capability to write files to the local file system (fs.writeFileSync) and read files (fs.readFileSync).
  • Sanitization: None. The raw string from the file is passed to the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM