crosspost
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill contains no executable code, obfuscated content, or unauthorized network operations. Its primary function is content adaptation based on platform-specific rules.
- [PROMPT_INJECTION]: The skill processes untrusted external content as its primary input, which creates a surface for indirect prompt injection.
- Ingestion points: Step 1 in
SKILL.md(Start with the Primary Version) ingests external articles, posts, and notes. - Boundary markers: Absent. The instructions do not specify delimiters or warnings to prevent the agent from obeying instructions embedded in the source content.
- Capability inventory: The skill refers to
x-apifor publishing workflows, which implies the capability to write data to external platforms. - Sanitization: Absent. No explicit validation or filtering of the source content is mentioned, relying instead on quality gates for tone and style.
Audit Metadata