update-website
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands to automate repository management and file updates.
- Evidence:
- Uses standard
gitcommands (status,log,diff,tag) to track changes between the app and website repositories. - Employs shell utilities such as
cp -rfor backup creation andgrepfor scanning HTML markers. - All commands are executed within paths specified and confirmed by the user, and the skill includes a permission model to toggle between autonomous and supervised execution of these commands.
- [PROMPT_INJECTION]: The skill processes content from the app codebase and external JSON files, which serves as a potential vector for indirect prompt injection.
- Evidence:
- Ingestion points: Content is dynamically read from source files in
Sources/Features/, localization strings, and user-facing JSON metadata (features.json,faq.json). - Boundary markers: The skill uses well-defined HTML comment delimiters (
<!-- SYNC:TYPE:Name -->and<!-- /SYNC:TYPE:Name -->) to strictly define the scope of content insertion. - Capability inventory: The agent leverages
Bash,Edit,Write, andReadtools to perform the synchronization. - Sanitization: The skill mitigates risks by requiring explicit user confirmation for destructive actions and providing a 'Supervised' mode where the user approves each command and file edit.
Audit Metadata