saas-landing

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates entirely locally, producing a single static HTML file without any external network dependencies or remote code execution.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests untrusted data from a local DESIGN.md file and explicitly permits a section within it ('Agent Prompt Guide') to override its instructions. This is an intended feature of the design workflow rather than a malicious implementation.
  • Ingestion points: The agent is instructed to read DESIGN.md at the beginning of the workflow in SKILL.md.
  • Boundary markers: No explicit boundary markers or 'ignore' instructions are provided to separate the design content from the agent's core logic.
  • Capability inventory: The skill requires file_write to output the final index.html file.
  • Sanitization: No sanitization or validation is applied to the content retrieved from DESIGN.md.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 09:58 PM