website-refactor

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx to install required teammate skills and uses curl to validate SEO redirects by checking HTTP status codes.
  • [EXTERNAL_DOWNLOADS]: Downloads and installs three companion skills (content-extraction, web-audit, seo-migration) from the author's (saccoai) repository using npx.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it crawls an external, user-provided URL ({ORIGINAL_URL}) and passes the extracted content to other agents for processing.
      • Ingestion points: Data enters the environment via the content-extractor teammate which crawls an external website and saves content to content-inventory.md and src/data/.
      • Boundary markers: Absent. The prompts for the designer and content-extractor agents do not include delimiters or instructions to ignore potential commands embedded in the source website's content.
      • Capability inventory: The agent team has the ability to write to the project's source code (src/, app/), manage public assets, and perform network requests via curl and Playwright.
      • Sanitization: There is no evidence of sanitization or filtering of the extracted website content before it is interpreted by the designer agent during page implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 12:32 PM