saas-landing-theme
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest untrusted user data such as product names and feature lists and interpolate them into generated HTML/JSX code.
- Ingestion points: Product name, tagline, features, and pricing tiers gathered in the workflow steps of SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the templates.
- Capability inventory: The skill writes generated code to the user's output directory.
- Sanitization: The instructions do not specify sanitization or escaping of the user-provided strings.
- [EXTERNAL_DOWNLOADS]: The skill references font assets from a well-known external provider.
- Evidence: The design system in references/design-system.md loads fonts from Google Fonts (fonts.googleapis.com).
Audit Metadata