Skills
skills/varnan-tech/opendirectory/schema-markup-generator/Gen Agent Trust Hub

schema-markup-generator

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to crawl and process content from external, potentially untrusted webpages. This represents a surface for indirect prompt injection, where malicious instructions embedded in a webpage could attempt to subvert the agent's logic.
  • Ingestion points: Webpage content extracted via Chrome DevTools or curl fallbacks (SKILL.md, Step 2).
  • Boundary markers: The instructions lack explicit boundary markers or delimiters to isolate untrusted web content from the agent's operating instructions.
  • Capability inventory: The agent has capabilities to read local HTML files, perform network requests (crawling), and open GitHub Pull Requests (SKILL.md, Step 7).
  • Sanitization: No explicit sanitization or input validation is performed on the crawled content before it is processed by the LLM.
  • [COMMAND_EXECUTION]: The skill instructions and documentation describe the use of external CLI tools and browsers for automation.
  • The workflow utilizes Chrome with remote debugging enabled (--remote-debugging-port) to handle JavaScript-heavy sites.
  • It optionally uses the GitHub CLI or API to open Pull Requests on behalf of the user, which requires a GITHUB_TOKEN provided in the environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 05:53 PM
Security Audit — agent-trust-hub — schema-markup-generator