blog-brief
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow.
- Ingestion points: The skill ingests untrusted data from the open web using the
WebSearchtool in Step 2 (Keyword Research), Step 3 (Competitive Analysis), and Step 4 (Statistics Research) to retrieve information from external websites. - Boundary markers: The instructions lack explicit boundary markers or directives for the agent to ignore potential instructions embedded within the retrieved search results or competitor content.
- Capability inventory: The agent has the capability to write the processed information to the local file system as a markdown brief (e.g.,
briefs/[slug]-brief.md) in Step 6. - Sanitization: There is no evidence of sanitization or filtering of the external content before it is used to generate the final content brief, allowing malicious instructions from a search result to potentially influence the output or the agent's behavior.
Audit Metadata