landing-gen

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the user to run the npx ai-landing command to generate project documentation.
  • [EXTERNAL_DOWNLOADS]: Execution of npx triggers a download of the ai-landing package from the public npm registry.
  • [REMOTE_CODE_EXECUTION]: Running a third-party CLI tool from an unverified provider (LXGIC Studios) allows for the execution of remote code on the local machine.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) by processing project metadata.
      • Ingestion points: Reads project name, description, and keywords from package.json (documented in SKILL.md).
      • Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when processing external metadata.
      • Capability inventory: The tool generates HTML files (landing.html) and requires shell execution privileges via npx.
      • Sanitization: No documentation suggests that the input metadata from package.json is validated or sanitized before being used in the AI generation process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 02:58 AM