page-cro
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to ingest and process untrusted data from external sources to perform its audit.\n
- Ingestion points: The agent processes external content from live page URLs, Clarity CSV exports, and visual screenshots provided by users (SKILL.md, Step 0 and Step 2).\n
- Boundary markers: There are no explicit instructions to wrap this untrusted external content in specific delimiters or to provide negative constraints to ignore embedded instructions within the processed data.\n
- Capability inventory: The skill calls data retrieval tools like
get_marketing_contextand suggests handing off implementation tasks to skills such aswebsite-content-editor, which may possess production-level write capabilities.\n - Sanitization: The instructions do not specify any validation or sanitization steps for the data retrieved from URLs or CSV files before it is incorporated into the agent's reasoning context.
Audit Metadata