Skills
skills/yigitkonur/skills-by-yigitkonur/convert-snapshot-nextjs/Gen Agent Trust Hub

convert-snapshot-nextjs

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute a variety of shell commands to inventory files and parse CSS. These include find, grep, cat, md5, and mkdir to reverse-engineer design tokens and deobfuscate class names.
  • Evidence: Bash snippets provided in references/foundations-agent.md and references/section-template.md for processing local CSS and HTML files.
  • [EXTERNAL_DOWNLOADS]: The agent is instructed to download remote resources discovered in the source files to ensure the final project is self-hosted.
  • Evidence: Instructions in references/foundations-agent.md to use curl -sL -o assets/fonts/{filename} {url} for asset capture.
  • [PROMPT_INJECTION]: The skill's core functionality involves processing untrusted HTML snapshots, which presents an attack surface for indirect prompt injection.
  • Evidence: The skill ingests arbitrary HTML and CSS files which could contain hidden instructions or malicious payloads intended to manipulate the agent during its automated waves.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 05:30 PM