audience-analyzer

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface as it processes untrusted data to generate audience profiles. * Ingestion points: Brand names, product categories, and customer data (surveys, social insights) provided by the user via arguments and input requests. * Boundary markers: The provided instructions do not specify the use of delimiters or 'ignore' instructions to isolate untrusted data from system prompts. * Capability inventory: The skill writes results to the local filesystem (under memory/influencer/audience-analyzer/) and updates a hot-cache file that influences downstream skills. * Sanitization: No explicit validation or filtering logic is defined for the ingested user content.
  • [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network operations were detected. External references point to the author's official GitHub repository or standard workspace paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 03:30 PM
Security Audit — agent-trust-hub — audience-analyzer