blog-persona
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it fetches and processes content from user-provided URLs in Step 6 ("Voice Samples") to extract writing style metrics. Malicious instructions embedded in the target content could potentially influence the agent's behavior during the analysis phase.
  - Ingestion points: SKILL.md Step 6 (external URLs provided by the user).
  - Boundary markers: Absent. The skill does not instruct the agent to ignore or delimit instructions found within the fetched URL content.
  - Capability inventory: The skill has the capability to read external URLs, extract text metrics (sentence length, tone, vocabulary), and write the resulting data to a local JSON file.
  - Sanitization: None described. The agent is instructed to read the URL and extract values directly.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to fetch content from external URLs provided by the user during the persona creation process. This is a standard functional requirement for style analysis but represents a connection to untrusted external sources.
Audit Metadata