personalized-storefront-render
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
organvmcommand-line interface to perform its core functions, includingsync,audit,ratify, andfeedback addoperations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes internal artifacts and client feedback which could contain malicious instructions intended to manipulate the rendering pipeline.
- Ingestion points: Processes internal artifacts in the
/docs/**path and client feedback appended via theorganvm storefront feedback addcommand (SKILL.md). - Boundary markers: No specific delimiters or "ignore previous instructions" warnings are defined for the interpolation of untrusted content.
- Capability inventory: Executes shell commands via the
organvmCLI and writes files to the local repository structure underdocs/storefront/(SKILL.md). - Sanitization: Implements a forbidden-term removal engine and a mandatory human ratification step (
organvm storefront ratify) to move content from generated to curated directories, which serves as a primary security control (SKILL.md).
Audit Metadata