web-quality-audit
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill primarily uses standard shell utilities for local file analysis.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and analyzes untrusted HTML files from user projects. The risk is negligible as the tool lacks the capabilities (network or write access) to act on malicious instructions.
  - Ingestion points: scripts/analyze.sh reads file contents via grep.
  - Boundary markers: None present; content is read directly.
  - Capability inventory: Analysis is limited to local file system traversal and text matching; no network or write access.
  - Sanitization: None; the script performs raw pattern matching and does not escape filenames in its JSON output, which is a best practice violation.
- [COMMAND_EXECUTION]: The analyze.sh script executes standard shell commands (find, grep) to process local files. These operations are restricted to read-only analysis and do not pose a risk of privilege escalation.