personalized-storefront-render

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the organvm command-line interface to perform its core functions, including sync, audit, ratify, and feedback add operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes internal artifacts and client feedback which could contain malicious instructions intended to manipulate the rendering pipeline.
  • Ingestion points: Processes internal artifacts in the /docs/** path and client feedback appended via the organvm storefront feedback add command (SKILL.md).
  • Boundary markers: No specific delimiters or "ignore previous instructions" warnings are defined for the interpolation of untrusted content.
  • Capability inventory: Executes shell commands via the organvm CLI and writes files to the local repository structure under docs/storefront/ (SKILL.md).
  • Sanitization: Implements a forbidden-term removal engine and a mandatory human ratification step (organvm storefront ratify) to move content from generated to curated directories, which serves as a primary security control (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:02 PM
Security Audit — agent-trust-hub — personalized-storefront-render