web-presence-manager
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs git operations (clone, commit, push) and executes build commands (e.g., Jekyll, LaTeX, npm) specified in the 'references/site-registry.md' configuration file.
  - Build commands are used for pre-push validation as defined in the 'references/monthly-review-checklist.md'.
  - Command execution is guarded by quality gates and mandatory user confirmation checkpoints.
- [EXTERNAL_DOWNLOADS]: The skill clones source code from GitHub repositories to a temporary session directory (/tmp/web-presence-session/) for auditing. All downloads target GitHub, which is a trusted service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and analyzes untrusted data from audited websites (Markdown, HTML, LaTeX, CSS).
  - Ingestion points: Site content files are read by the Website Designer, Portfolio Manager, SEO Manager, and Coherence Manager sub-functions.
  - Boundary markers: Task delegation templates in 'SKILL.md' use variables to isolate instructions from site data, and sub-agents receive explicit directives to 'stay in their lane' and avoid original analysis outside their scope.
  - Capability inventory: The orchestrator utilizes the Bash tool (for git and build commands), Task tool (for delegation), and Write tool (for saving session state and audit reports).
  - Sanitization: No explicit sanitization or filtering of repository content is performed before the data is analyzed by the sub-function LLMs.
Audit Metadata