marketing-content-pipeline-automation
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a repository from an unverified GitHub account (github.com/pennydinh/marketing-pineline-share.git) and install its dependencies. This repository is not maintained by a recognized trusted organization and should be reviewed before execution.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources (TechCrunch, Twitter, LinkedIn) and interpolates it directly into LLM prompts.
  - Ingestion points: External data is fetched in src/lib/crawler/research.ts from various news and social media sources.
  - Boundary markers: The buildPrompt function in src/lib/ai/claude.ts lacks delimiters or instructions to ignore embedded commands within the research data, allowing malicious external content to potentially hijack the agent's behavior.
  - Capability inventory: The skill has the capability to call Claude and OpenAI APIs to generate content based on the poisoned research data.
  - Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the AI models.
Audit Metadata