audience-belief-mapper
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No high-severity malicious patterns, such as data exfiltration or credential theft, were identified.
- [PROMPT_INJECTION]: The skill manages an attack surface for indirect prompt injection due to its core function of processing untrusted qualitative data.
- Ingestion points: Pasted interview transcripts, win-loss exports, and scraped review pages from external services.
- Boundary markers: The instructions lack explicit delimiters for user data, relying instead on narrative structure.
- Capability inventory: The skill writes analysis results to the
memory/directory and can trigger downstream narrative architect skills. - Sanitization: The instructions explicitly command the agent to treat external data as untrusted and to ignore any instructions embedded within that data.
- [COMMAND_EXECUTION]: The skill documentation mentions the use of internal Python scripts (
scripts/connectors/tavily.pyandscripts/connectors/firecrawl.py) to gather category language from public sources. These are identified as local project connectors used for legitimate data gathering purposes.
Audit Metadata