content-engine
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of natural language instructions for content synthesis. It contains no executable scripts, shell commands, or network exfiltration patterns.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core functionality:
  - Ingestion points: The 'Source-First Workflow' section directs the agent to ingest external, potentially untrusted data including published articles, internal memos, documentation, and transcripts from the local file system or external sources.
  - Boundary markers: Absent. The instructions do not provide delimiters or 'ignore' directives to isolate the source material's content from the agent's instructions.
  - Capability inventory: The skill references related skills and APIs including 'x-api' for sourcing and publishing, 'crosspost' for distribution, and 'brand-voice' for profile generation.
  - Sanitization: Absent. No validation, escaping, or filtering of the source material is implemented.

Note: This finding identifies a structural vulnerability inherent to content synthesis skills and does not indicate active malicious intent.