audit
Fail
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes
npx -y modern-web-guidance@latest, which downloads and runs unpinned code from the NPM registry at runtime. This pattern is high-risk as it allows for arbitrary code execution from a third-party source without version pinning or integrity verification. - [EXTERNAL_DOWNLOADS]: The skill depends on external resources including the
modern-web-guidanceNPM package and the PageSpeed Insights API. These dependencies are fetched at runtime from external services. - [DATA_EXFILTRATION]: The
--deployfunctionality implements a "DA transport" protocol to publish the generatedreport.html. This involves sending data to an external destination using HTTPPUTandPOSTmethods, which constitutes an exfiltration path for generated audit data. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and analyzing untrusted data from user-provided URLs. Maliciously crafted content on the audited website could attempt to override the agent's instructions during the critique or reporting phases.
- Ingestion points: Website content is extracted into
pages/*.jsonandbrand-review.html(via theextractskill) which are then read by the audit process. - Boundary markers: The skill instructions do not specify the use of clear delimiters or "ignore embedded instructions" warnings when processing the ingested website data.
- Capability inventory: The agent has access to powerful tools including shell command execution (
curl,npx,node), filesystem writes, and network operations via the deploy protocol. - Sanitization: There is no evidence of sanitization or validation of the extracted site content before it is processed by the AI agent for generating findings and synthesis.
- [COMMAND_EXECUTION]: The skill utilizes several shell-based tools for its operations, including
curlfor checking site semantics and headers,nodefor recording findings in a rollout ledger (skills/rollout/scripts/findings.mjs), andnpxfor fetching remediation guides.
Recommendations
- AI detected serious security threats
Audit Metadata