tangzhan-webpage-designer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted user text and interpolates it into a prompt for a coding model to generate HTML code without safety boundaries. * Ingestion points: The skill takes arbitrary text from the user as the primary input for webpage generation (documented in
SKILL.md). * Boundary markers: No markers or delimiters are defined to isolate user content from the system's design instructions. * Capability inventory: The skill triggers a 'coding model' to generate a full 'single-file HTML webpage' including CSS and potentially JavaScript. * Sanitization: There is no evidence of input validation or output sanitization to prevent XSS or other code injection vectors. - [Dynamic Execution] (MEDIUM): The skill generates executable web code at runtime based on user-provided content. Without strict isolation or sanitization, the generated code inherits the lack of trust of the user input.
Recommendations
- AI detected serious security threats
Audit Metadata