finalize
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data which is then interpolated into code.
  * Ingestion points: The skill reads from `{output_root}/gallery/{id}/directions.json` and accepts user-provided headlines, CTA text, and SEO meta information.
  * Boundary markers: There are no delimiters or instructions to ignore instructions embedded within the ingested data.
  * Capability inventory: The skill modifies HTML and CSS files and performs directory deletion and file movement operations.
  * Sanitization: No sanitization or validation logic is defined for the external inputs before they are written to the page.
- [COMMAND_EXECUTION]: The skill executes file system operations that modify the environment by moving pages to production routes and deleting temporary folders.
  * Evidence: Step 4 describes moving refined pages to a target path and deleting the entire `/gallery/{id}/` directory tree.
Audit Metadata