pm-url2proto

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from external web pages using Chrome automation tools and WebFetch fallbacks. This represents an indirect prompt injection surface where instructions hidden in the target website's text or accessibility labels could be processed by the agent.
  • Ingestion points: Captures source pages via Chrome automation (using the read_page tool) or WebFetch fallbacks as described in the capture phase of SKILL.md.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands in the source page are defined.
  • Capability inventory: The skill performs file system writes to create the project structure and instructs the user to execute shell commands (npm install, npm run dev) for project initialization.
  • Sanitization: No sanitization or validation of the extracted web content is mentioned before it is used for code generation.
  • [COMMAND_EXECUTION]: The instructions direct the user to execute shell commands to initialize and run the generated project, specifically npm install, npm run dev, and npx tsc --noEmit. While these are standard development tasks, they involve local command execution.
  • [EXTERNAL_DOWNLOADS]: The generated project configuration in the reference files includes dependencies such as next, react, and tailwindcss which are fetched from the public npm registry. These are well-known packages necessary for the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 04:37 PM
Security Audit — agent-trust-hub — pm-url2proto