afa-sms
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill instructions focus on marketing strategy and adhere to established protocols.
- [PROMPT_INJECTION]: The skill instructions do not contain any patterns attempting to override safety guidelines, bypass system constraints, or extract system prompts.
- [DATA_EXPOSURE]: No sensitive file access (e.g., .ssh, .aws) or network-based exfiltration patterns were identified. Access to brand-related files like products.md and audience.md is within the intended functional scope for marketing assistance.
- [REMOTE_CODE_EXECUTION]: No external package installations (npm, pip) or remote script executions (curl | bash) were found in the instructions or reference materials.
- [OBFUSCATION]: No encoded content, zero-width characters, homoglyphs, or other forms of obfuscation were detected in the skill files.
- [DYNAMIC_CONTEXT_INJECTION]: The skill does not utilize the
!commandsyntax in SKILL.md for executing shell commands at load time. - [INDIRECT_PROMPT_INJECTION]: Evaluated the surface for indirect injection via processed marketing data.
- Ingestion points: Reads product and audience data from the brand-brain directory (e.g., products.md, audience.md).
- Boundary markers: The skill uses a structured context matrix and startup protocols to manage information flow, though specific prompt delimiters are not explicitly defined in the logic.
- Capability inventory: Limited to generating SMS marketing copy and strategies; no code execution, file system modification, or network capabilities are present.
- Sanitization: Not explicitly implemented at the input level, but the limited capability tier (text generation only) renders this surface safe.
Audit Metadata