icp-website-audit
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses web fetch and web search tools to retrieve content from external URLs (client and competitor websites) provided by the user to perform its analysis.
- [COMMAND_EXECUTION]: The metadata defines an installation command, `npx goose-skills install icp-website-audit`, which is the standard distribution method for this vendor's tools on the intended platform.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the processing of untrusted data from external websites.
  - Ingestion points: Web content retrieved during Phase 2 (Website Scorecard) and Phase 3 (Competitive Analysis).
  - Boundary markers: The instructions do not define delimiters or specific isolation prompts to wrap the external content.
  - Capability inventory: The skill utilizes local file system access (reading and writing to the `clients/` directory) and network access (web fetch).
  - Sanitization: There is no evidence of content sanitization or instruction-filtering for the ingested web data.
Audit Metadata