demo-builder

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill researches prospect companies by fetching content from their websites and other external sources, creating an indirect prompt injection surface. This data is processed to generate demo concepts and reports without explicit sanitization or boundary markers. Ingestion points include prospect websites, GitHub repositories, and competitor documentation. Capability inventory includes Bash, Write, and WebFetch.
  • [COMMAND_EXECUTION]: The skill writes code to the local file system and executes it using the Bash tool to build and test demo prototypes for the prospect.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from various external domains using WebFetch and WebSearch to gather information on prospects and competitors to inform the demo creation and comparison report.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 06:51 PM