Agentic Website Stack

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an automated trend scanner that fetches headlines from Google News RSS. These headlines are interpolated into prompts for the AI content generator without strict sanitization or explicit boundary markers, which creates an architectural surface for indirect prompt injection.
    • Ingestion points: The file 'convex/agents/trendScanner.ts' fetches headlines from news.google.com/rss.
    • Boundary markers: The prompt uses simple text labels such as 'Recent headlines:' and 'Brand context:' but lacks robust delimiters or explicit instructions to ignore embedded commands within the headlines.
    • Capability inventory: The skill can create database records in the 'articles' table, trigger automated content writing, and publish content to a public frontend.
    • Sanitization: External headline text is extracted via regex and used directly in prompts without escaping or validation.
  • [EXTERNAL_DOWNLOADS]: Fetches timely content headlines from the Google News RSS search service to provide context for the trend analysis agent.
  • [PROMPT_INJECTION]: Frontend React components in 'src/components/BlockRenderer.tsx' and 'src/pages/blog/[slug].tsx' use 'dangerouslySetInnerHTML' to render content blocks and JSON-LD metadata. Because this content is generated by an AI that ingests untrusted external data (headlines), there is a risk of cross-site scripting (XSS) if the agent is manipulated into outputting malicious script tags.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 10:29 AM
Security Audit — agent-trust-hub — Agentic Website Stack