Skills
skills/lintendo/axhub-make/web-page-workflow/Gen Agent Trust Hub

web-page-workflow

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file prototype-restoration.md instructs the agent to run a local script using the command node scripts/check-app-ready.mjs /prototypes/[page-name]. This execution depends on arguments derived from the page restoration process.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data from external URLs and uses it to generate executable React code and documentation.
  • Ingestion points: External web content is ingested through get_page_markdown, get_page_theme, and Firecrawl MCP tools.
  • Boundary markers: None identified. The instructions do not provide delimiters or specific warnings to the agent to ignore instructions that might be embedded in the scraped content.
  • Capability inventory: The skill has the capability to write files to the src/ and temp/ directories and execute shell commands via node.
  • Sanitization: There are no instructions provided to sanitize, escape, or validate the content retrieved from web pages before it is used for code generation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:31 AM
Security Audit — agent-trust-hub — web-page-workflow