convert-snapshot-nextjs
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell utilities such as grep, sed, and find to automate the extraction of CSS properties, typography, and layout metadata from captured site artifacts (references/foundations-agent.md, references/section-template.md).
- [EXTERNAL_DOWNLOADS]: During the extraction phase, the skill uses curl or wget to download images, fonts, and other assets directly from the source site's infrastructure to ensure the final project is self-contained (references/foundations-agent.md).
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted HTML, CSS, and runtime metadata from external websites to drive the code generation process. Ingestion points include the 'dom.html' and discovered CSS corpus. The capability inventory includes file writes, network downloads, and project build execution (npm build). Sanitization is implemented via explicit instructions to audit third-party JS and verify all extracted values against grounded artifacts (SKILL.md, references/foundations-agent.md).
Audit Metadata