trend-spotter

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches trend data from well-known sources including Google Trends, Reddit, and YouTube. These references are used for market intelligence and originate from established, reputable platforms.
  • [COMMAND_EXECUTION]: Executes bundled helper scripts such as rss_monitor.py, tavily.py, and pageviews.py to process data and perform searches. These scripts are legitimate components of the skill's workflow for retrieving external trend signals.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external RSS feeds and websites, which introduces an indirect prompt injection surface.
  • Ingestion points: External trend data from Reddit, Hacker News, and Google Trends is loaded into the agent's context via the rss_monitor.py script.
  • Boundary markers: Instructions in the trend-scout-recipe.md file explicitly command the agent to treat feed text as data and never as instructions.
  • Capability inventory: The skill performs file writes to designated memory paths (memory/influencer/) and executes specific scripts for data gathering.
  • Sanitization: The skill relies on explicit instructional constraints to ensure external content is treated as inert data and not executable instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 10:02 AM
Security Audit — agent-trust-hub — trend-spotter