page-cro
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script `scripts/conversion_audit.py` to perform automated analysis of HTML pages. The script is executed with user-provided file paths or URLs.
- [EXTERNAL_DOWNLOADS]: The `conversion_audit.py` script uses `urllib.request.urlopen` to download content from arbitrary URLs provided via the CLI argument `--url`.
- [DATA_EXFILTRATION]: The ability to fetch content from any destination URL provides a vector for outbound network requests (SSRF). While no explicit exfiltration of sensitive data was found, the script can be directed to internal or external network resources by the agent or a user.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze external marketing pages, creating a surface for Indirect Prompt Injection. Malicious instructions embedded in analyzed HTML (e.g., in metadata, alt text, or hidden tags) could attempt to influence the agent's behavior.
  - Ingestion points: External URLs fetched via the audit script and local marketing page files read by the agent.
  - Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore embedded instructions in the analyzed data.
  - Capability inventory: Execution of Python scripts and unrestricted outbound network requests to user-provided URLs.
  - Sanitization: The audit script counts signals but does not sanitize or filter the content before the agent evaluates the page context.
Audit Metadata