landing-page-builder
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through its 'CRO Audit Mode'.
  - Ingestion points: The skill uses the WebFetch tool to ingest content from arbitrary URLs provided by the user for auditing purposes.
  - Boundary markers: There are no defined delimiters or 'ignore embedded instructions' warnings in the prompt logic to separate the fetched webpage content from the agent's internal instructions. This allows an attacker to host a webpage with malicious instructions that the agent might follow.
  - Capability inventory: The skill is granted Write and Edit tool permissions. If an indirect prompt injection is successful, the agent could be manipulated into modifying or deleting local files.
  - Sanitization: The skill lacks any instructions to sanitize, escape, or validate the content retrieved from external URLs before processing it.
Audit Metadata