ads
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates high security awareness by implementing comprehensive host and IP validation in its Python scripts (
analyze_landing.py,capture_screenshot.py, andfetch_page.py). These scripts explicitly check for private, loopback, and reserved IP ranges to prevent SSRF attacks during landing page analysis. - [SAFE]: The multi-agent orchestration logic used for parallel auditing is standard and does not exhibit any privilege escalation or persistence mechanisms.
- [SAFE]: No hardcoded credentials or sensitive file access patterns were identified. The tool correctly uses placeholders and standard API references for advertising platforms.
- [SAFE]: Although the skill processes external web content, which is a potential surface for indirect prompt injection, it is inherent to the skill's primary function (auditing websites). The potential risk is mitigated by the agent's internal safety layers.
- Ingestion points: The scripts
analyze_landing.pyandfetch_page.pyingest untrusted data from external URLs, including page titles, H1 headers, meta descriptions, and schema markup. - Boundary markers: Not explicitly defined within the scripts' data structures, relying on the calling agent's context management.
- Capability inventory: The skill can fetch web content, capture screenshots, and coordinate specialized sub-agents for advertising platform audits.
- Sanitization: The skill performs rigorous network-level sanitization (SSRF guards) before ingestion, though it does not modify the retrieved text content itself.
Audit Metadata