product-detail
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill and its referenced files contain no malicious instructions or suspicious patterns. The functionality is limited to designing layouts and generating static or component-based web code based on user-provided descriptions.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted user-supplied product data to generate page copy and code components.\n
- Ingestion points: Product details (name, features, price, images) entered by the user via the checklist in
SKILL.md.\n - Boundary markers: No specific delimiters are employed to isolate user-supplied strings from the agent's internal instructions during the generation process.\n
- Capability inventory: The skill utilizes the sequential thinking tool and generates executable client-side code (HTML, JavaScript, React/Next.js).\n
- Sanitization: The skill relies on manual human review via a 'QA Checklist' and legal compliance warnings in
platform-specs.mdrather than technical input sanitization.
Audit Metadata