micro-landing-builder
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts `scripts/batch_create.py` and `scripts/deploy_vercel.py` utilize `subprocess.run` to execute local shell commands. These commands are used for project scaffolding (`python3 scaffold.py`) and deployment operations using the `vercel` CLI tool.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface in its batch creation logic.
  - Ingestion points: `scripts/batch_create.py` reads external data from CSV and JSON files to define project parameters.
  - Boundary markers: None; external input is parsed and directly interpolated into configuration files and command-line arguments.
  - Capability inventory: The skill can perform file system writes and execute subprocesses based on the processed data.
  - Sanitization: The script uses standard `csv` and `json` library parsers and performs basic string stripping, but lacks rigorous validation for field content which is eventually used in code generation templates in `scripts/scaffold.py`.
Audit Metadata