webapp-loader-action

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security risks were detected in the instructions or templates. The skill utilizes project-specific security utilities and standard web development libraries.
  • [PROMPT_INJECTION]: Analyzed the surface for indirect prompt injection as the skill handles untrusted web request data. The risk is mitigated by explicit requirements for validation and authentication.
    • Ingestion points: Untrusted data enters via args.params, args.request.url, and args.request.formData() as seen in SKILL.md and references/templates.md.
    • Boundary markers: Present; instructions mandate the use of Zod validators for all external inputs.
    • Capability inventory: Logic is executed via a Dependency Injection container, calling execute() on core use case interfaces.
    • Sanitization: Input validation is enforced using Zod's .parse() or .safeParse() methods to verify and sanitize data before it reaches the core system.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 08:14 PM