conversion-audit
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and process content from a user-provided URL during Step 1 of the audit process.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests untrusted data from external sources.
- Ingestion points: The agent fetches full rendered page content including text, headings, and CTAs in Step 1.
- Boundary markers: There are no specific instructions or delimiters provided to ensure the agent treats the fetched content strictly as data rather than potential instructions.
- Capability inventory: None. This is an instruction-only skill with no scripts or command execution.
- Sanitization: No sanitization or validation of the fetched URL content is performed before processing.
- [NO_CODE]: The skill is composed entirely of markdown instructions and does not include any Python scripts, Node.js packages, or shell commands.
Audit Metadata