landing-page-design
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing additional components from the 'inference-sh' repository using the 'npx skills add' command.
- [COMMAND_EXECUTION]: Utilizes the 'infsh' CLI tool via Bash to interact with remote AI models for image generation (falai/flux-dev-lora, bytedance/seedream-4-5) and web search (tavily/search-assistant, exa/answer).
- [PROMPT_INJECTION]: Features an attack surface for indirect prompt injection via external data ingestion.
- Ingestion points: Data is ingested from web search results provided by the Tavily and Exa tools.
- Boundary markers: No explicit delimiters or 'ignore' instructions are provided to the agent for processing these search results.
- Capability inventory: The skill allows execution of the 'infsh' command suite via Bash.
- Sanitization: The skill does not implement specific sanitization or filtering of the content returned from search tools before it is processed by the agent.
Audit Metadata