icp-website-audit
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality requires crawling external, untrusted websites (client and competitor sites). These sites could contain hidden instructions designed to influence the agent's evaluation or report output.\n
- Ingestion points:
SKILL.mdPhase 2 and Phase 3 instructions for crawling client and competitor URLs.\n - Boundary markers: The instructions do not specify the use of delimiters or 'ignore instructions' blocks when processing external site content.\n
- Capability inventory: The skill is limited to reading local context files and writing markdown reports to the project directory.\n
- Sanitization: No explicit sanitization of the fetched web content is described in the workflow instructions.
Audit Metadata