Skills
skills/openclaw/skills/landing-page-generator/Gen Agent Trust Hub

landing-page-generator

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant vulnerability surface for indirect prompt injection via the landing page generation script.
  • Ingestion points: User-controlled data enters the agent context through numerous command-line arguments in scripts/generate_landing.py, including --headline, --subheadline, --product, --benefits, --features, --cta, --guarantee, and --urgency.
  • Boundary markers: Absent. The script directly inserts these strings into an f-string HTML template with no delimiters or instructions to ignore potential malicious content within the variables.
  • Capability inventory: The script scripts/generate_landing.py has the capability to write files to the local filesystem using the user-provided --output path.
  • Sanitization: Absent. There is no implementation of HTML escaping (e.g., using html.escape) or validation to ensure that the input does not contain malicious scripts or tags.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:20 PM
Security Audit — agent-trust-hub — landing-page-generator