publish-html-page
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow incorporates the execution of a local shell script, cf-assets.sh, to handle file uploads exceeding 512KB. The script is located within the vendor's specific plugin directory (srp-developer) in the local environment.
- [SAFE]: External network interactions are restricted to assets.yesy.site and page.yesy.site, which serve as the intended endpoints for the vendor's asset and page hosting services.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to the processing of untrusted content:
  - Ingestion points: User-provided HTML strings and page titles are used as direct inputs for the publishing tools.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the AI from adopting instructions embedded within the user's HTML content.
  - Capability inventory: The skill possesses the ability to execute shell commands (bash), search the file system (find), and perform network-based uploads and publishing via MCP tools.
  - Sanitization: The skill does not implement validation or filtering logic to sanitize malicious scripts or tags within the HTML content before it is deployed.
Audit Metadata