audience-analyzer
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface as it processes untrusted data to generate audience profiles. * Ingestion points: Brand names, product categories, and customer data (surveys, social insights) provided by the user via arguments and input requests. * Boundary markers: The provided instructions do not specify the use of delimiters or 'ignore' instructions to isolate untrusted data from system prompts. * Capability inventory: The skill writes results to the local filesystem (under memory/influencer/audience-analyzer/) and updates a hot-cache file that influences downstream skills. * Sanitization: No explicit validation or filtering logic is defined for the ingested user content.
- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network operations were detected. External references point to the author's official GitHub repository or standard workspace paths.
Audit Metadata