oneshot-build
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill incorporates the
@oneshot-agent/sdkNode.js package. This is the official software development kit provided by the vendor (oneshot-agent) to facilitate website creation and management through their platform. - [PROMPT_INJECTION]: The
agent.buildfunctionality supports asource_urlparameter designed to analyze third-party websites for design inspiration. This creates an indirect prompt injection surface. Ingestion points: External content is fetched and analyzed from URLs provided in thesource_urlfield withinSKILL.md. Boundary markers: There are no documented delimiters or specific instructions provided to the agent to ignore potentially malicious instructions embedded in the source website's content. Capability inventory: The skill allows the agent to generate and deploy code based on its analysis of the input. Sanitization: The documentation does not specify any content filtering or sanitization processes for the data retrieved from external URLs.
Audit Metadata