Skills
skills/chandima/rds-lp-factory/markdown-spec-to-page/Gen Agent Trust Hub

markdown-spec-to-page

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted Markdown data and interpolates it into generated .vue and .json files without sanitization.
  • Ingestion points: External Markdown specification files (e.g., ./specs/basketball-lp.md) or raw text provided by the user.
  • Boundary markers: The skill does not define delimiters or instructions to ignore embedded commands within the processed sections (SKILL.md).
  • Capability inventory: The skill is designed to write files to the local filesystem, specifically creating executable Vue components in the pages/ directory (SKILL.md).
  • Sanitization: There is no evidence of input validation or escaping for content fields like title or body before they are placed into the generated Vue template code (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 10:25 PM