Skills
skills/cyranob/frontpage-builder-skill/landing-page-builder/Gen Agent Trust Hub

landing-page-builder

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled shell script (scripts/deploy.sh) to package the generated site using tar and upload it using curl.
  • [EXTERNAL_DOWNLOADS]: Generated HTML files include references to well-known and trusted asset providers, including Google Fonts, unpkg.com, and jsdelivr.net.
  • [DATA_EXFILTRATION]: The skill transmits project content to https://claude-skills-deploy.vercel.com/api/deploy. This is a necessary and intended step for deploying the user's landing page to Vercel-hosted infrastructure.
  • [PROMPT_INJECTION]: The skill processes user-provided descriptions to generate executable code, presenting an indirect prompt injection surface.
  • Ingestion points: User product descriptions in Step 1 of SKILL.md.
  • Boundary markers: Absent.
  • Capability inventory: Writing files to the local system and performing network uploads via scripts/deploy.sh.
  • Sanitization: Not explicitly implemented within the skill logic; rely on model-level safeguards during generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 04:02 AM
Security Audit — agent-trust-hub — landing-page-builder