creator-marketing
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts named tg-stats.py and yt-deep-stats.py to retrieve data from Telegram and YouTube. This is part of the intended workflow for the analytics integration.
- [PROMPT_INJECTION]: There is a potential for indirect prompt injection due to the processing of external content. * Ingestion points: Data entering the context comes from the output of statistics scripts defined in SKILL.md. * Boundary markers: The skill does not provide delimiters or instructions to the agent to disregard potential instructions embedded in the external platform data. * Capability inventory: The skill has the capability to execute local python scripts and read local files. * Sanitization: No validation or filtering is performed on the data fetched from external channels before it is used to generate marketing advice.
Audit Metadata