pseo-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Command Execution] (SAFE): The skill utilizes a local script at
./scripts/generate.pyto facilitate page generation, sitemap creation, and data validation. This is expected behavior for its stated purpose as a development tool. - [Indirect Prompt Injection] (LOW): The tool ingests data from external sources and interpolates it into source code templates, which is a common vulnerability surface. 1. Ingestion points: untrusted data is read from
data.json. 2. Boundary markers: no delimiters or ignore instructions are specified for the interpolation process. 3. Capability inventory: script execution and file-writing to the./pages/directory. 4. Sanitization: none mentioned in the documentation or CLI examples.
Audit Metadata