landing-page-breakdown
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content (text, metadata, and CSS) from arbitrary, untrusted external landing pages. An attacker could embed malicious instructions within a page's content or metadata to influence the agent's analysis or report generation.
- Ingestion points: Extracts DOM data (tags, text, attributes) from user-provided URLs as seen in Step 3 of SKILL.md.
- Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' warnings for the data being analyzed.
- Capability inventory: Includes browser automation (screenshots), DOM manipulation, and local file writing (report.md and screenshots/ directory).
- Sanitization: Extracted text is sliced for brevity (e.g., textContent.slice(0, 50)) but not sanitized for instruction-like patterns.
Audit Metadata