snapshot-to-nextjs
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted HTML, CSS, and JS snapshots as input. There is a risk that malicious instructions embedded within these source files could be interpreted by the LLM during the extraction (Wave 0/1) or build (Wave 2/4) phases, potentially altering the intended output or behavior.
  * Ingestion points: `source-pages/*.html`, `_files/*.css`, and `_files/*.js` are read and parsed.
  * Boundary markers: While the skill uses structured 'waves' and 'briefs', it lacks explicit delimiters or instructions to ignore potential commands embedded in the snapshot content itself.
  * Capability inventory: The pipeline involves file system access, network downloads (via `curl` for assets), and the execution of `npm install` and `next build` on generated code.
  * Sanitization: There is no documented process for sanitizing or escaping the content extracted from the snapshots before it is used to generate documentation or code.
- [COMMAND_EXECUTION]: The skill instructions include shell commands (e.g., `find`, `grep`, `sed`, `curl`) to be executed as part of the pipeline. While these are standard tools, they are used to process and download data based on the content of external snapshots.
- [EXTERNAL_DOWNLOADS]: The skill automatically identifies and downloads external assets (fonts, images, icons) referenced in the snapshots' HTML and CSS files using `curl`. This behavior is central to its purpose but involves interaction with arbitrary external URLs found in the source data.
Audit Metadata