audience-belief-mapper

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: No high-severity malicious patterns, such as data exfiltration or credential theft, were identified.
  • [PROMPT_INJECTION]: The skill manages an attack surface for indirect prompt injection due to its core function of processing untrusted qualitative data.
  • Ingestion points: Pasted interview transcripts, win-loss exports, and scraped review pages from external services.
  • Boundary markers: The instructions lack explicit delimiters for user data, relying instead on narrative structure.
  • Capability inventory: The skill writes analysis results to the memory/ directory and can trigger downstream narrative architect skills.
  • Sanitization: The instructions explicitly command the agent to treat external data as untrusted and to ignore any instructions embedded within that data.
  • [COMMAND_EXECUTION]: The skill documentation mentions the use of internal Python scripts (scripts/connectors/tavily.py and scripts/connectors/firecrawl.py) to gather category language from public sources. These are identified as local project connectors used for legitimate data gathering purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 04:16 PM
Security Audit — agent-trust-hub — audience-belief-mapper