afa-convert
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill afa-convert consists of 11 files dedicated to marketing and conversion rate optimization (CRO) strategies. No evidence of malicious behavior, prompt injection, or data exfiltration was found.
- [SAFE]: All external service references (e.g., Shopify, Klaviyo, Hotjar) are used for legitimate business optimization context. There are no attempts to download or execute remote code from untrusted sources.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing external website data and metrics for analysis. 1. Ingestion points: User-provided URLs and site data processed in SKILL.md. 2. Boundary markers: Enforced through _system/interaction-protocol.md and _system/output-format.md. 3. Capability inventory: Generates UI optimization code snippets (Liquid/React/HTML) as noted in anti-patterns.md. 4. Sanitization: The skill implements strict reporting templates and routes non-CRO requests out of scope.
Audit Metadata