landing-page-generator
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The script scripts/generate_landing.py is vulnerable to data-to-HTML injection which results in Cross-Site Scripting (XSS) in its output files.
- Ingestion points: Command-line arguments such as --headline, --product, and --benefits in scripts/generate_landing.py.
- Boundary markers: Absent; user input is directly interpolated into the HTML template.
- Capability inventory: The script performs local file writes to save the generated HTML pages to disk.
- Sanitization: Absent; the script uses Python f-strings to build HTML without escaping special characters like < or >, allowing an attacker to inject arbitrary scripts into the generated landing pages.
Audit Metadata