afa-brand

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an "Auto-Scrape" mode (identified in SKILL.md and references/voice-building-sop.md) that retrieves content from external, user-provided URLs to perform brand analysis. This processing of untrusted data introduces an indirect prompt injection surface where malicious instructions embedded in external web content could potentially influence the agent's behavior.
    • Ingestion points: The Auto-Scrape functionality in references/voice-building-sop.md crawls external domains and platforms like LinkedIn.
    • Boundary markers: There are no explicit delimiters or specific "ignore instructions" directives mentioned in the analyzed files to isolate scraped data from the agent's core instructions.
    • Capability inventory: The skill performs file reading and writing within the ./brand-brain/ directory and utilizes web-crawling capabilities.
    • Sanitization: The provided files do not specify any validation or sanitization routines for the content retrieved from external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 12:58 AM
Security Audit — agent-trust-hub — afa-brand