landing-page-auditor
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Step 1f of the skill instructions executes a shell command using
curlandawkto measure the Time to First Byte (TTFB). The commandcurl ... "{URL}"directly interpolates the user-provided URL argument. If the agent does not properly escape or sanitize the input, this can lead to shell command injection if the URL contains metacharacters like semicolons or ampersands. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It is designed to ingest and process large amounts of untrusted data from external sources including the target page text, JSON-LD schema,
robots.txt,sitemap.xml, andllms.txt. These external sources could contain malicious instructions intended to manipulate the audit results or influence the agent's behavior. - Ingestion points: SKILL.md (Steps 1a, 1b, 1c, 1d, 1e) fetches data from external URLs.
- Boundary markers: None. The skill does not use XML tags or specific delimiters to separate untrusted web content from its internal instructions.
- Capability inventory: The skill has the capability to execute shell commands (
bashin Step 1f) and write files to the local disk (Step 6). - Sanitization: None. There are no instructions to sanitize or escape the retrieved external content before it is processed by the LLM or written to the final HTML report.
- [EXTERNAL_DOWNLOADS]: The skill initiates multiple automated network requests to various external files and domains based on the user's input URL to gather data for its analysis report.
Audit Metadata