channel-portfolio-planner

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it processes untrusted data from external sources like audience exports and analytics screenshots.
  • Ingestion points: External audience research, persona data, and analytics exports (Instruction 1, Instruction 3).
  • Boundary markers: Includes a specific instruction to treat all pasted data as untrusted and to ignore any embedded commands.
  • Capability inventory: Authorized to write channel candidates and portfolio documentation to the local memory file system.
  • Sanitization: Explicitly instructs the agent to ignore instructions embedded in user-provided data.
  • [COMMAND_EXECUTION]: The skill references local utility scripts (scripts/connectors/pageviews.py and scripts/connectors/hn.py) to gather attention signals from public sources like Wikipedia and Hacker News. These are documented as keyless and read-only connectors used for data enrichment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 03:38 PM
Security Audit — agent-trust-hub — channel-portfolio-planner