website-cloner

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it ingests untrusted data from arbitrary external URLs to generate reports and code.
  • Ingestion points: The website-analyzer/SKILL.md and website-builder/SKILL.md sub-skills utilize the WebFetch tool to retrieve HTML, metadata, and assets from user-provided URLs.
  • Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious directions embedded within the fetched external content.
  • Capability inventory: The suite has the capability to write files to the local system and execute shell commands (npm, git) via the website-builder/SKILL.md and SKILL.md files.
  • Sanitization: There is no explicit mechanism described to sanitize or filter the content retrieved from external websites before it is processed by the AI models.
  • [COMMAND_EXECUTION]: The skill uses local shell commands to manage project files, initialize repositories, and build the website projects.
  • Evidence: SKILL.md executes git rev-parse, git fetch, git pull, and git stash to synchronize the working environment. website-builder/SKILL.md executes npm create vite@latest, npm install, npx shadcn@latest init, and git push to implement and deploy the generated site.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 07:17 AM
Security Audit — agent-trust-hub — website-cloner