landing-page-generator
Generate complete, deploy-ready landing pages from any repository. Use when creating a homepage for an open-source project, building a project website, converting a README into a marketing page, or standardizing landing pages across multiple repos.
87
85%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Risky
Do not use without reviewing
Security
2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 0.80). The skill instructs the agent to read and reproduce repository content (including README code blocks and shell commands and to generate a GitHub Actions workflow), so if those sources contain API keys or tokens the agent would include them verbatim in generated pages/workflows, creating an exfiltration risk.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md "Step 1: Repository Analysis" and the Content Extraction Map) explicitly reads and parses README.md, CHANGELOG.md, docs/, assets/ and other files from arbitrary source repositories (including public GitHub repos), ingesting untrusted, user-generated content that is used to populate the generated site, search index, navigation links and deployment artifacts—so third-party instructions could materially influence generation and runtime navigation.
- Commit
746adc8
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.