marketing-pipeline-ai-content-automation
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone an external repository (
github.com/pennydinh/marketing-pineline-share.git) that does not belong to the stated skill author (ara.so / Aradotso). This constitutes a dependency on an unverified third-party source. - [REMOTE_CODE_EXECUTION]: The installation guide requires users to execute the cloned third-party code via
npm installandnpm run dev. Since the source is unverified and unaffiliated with the author, this poses a risk of executing potentially malicious code within the user's environment. - [PROMPT_INJECTION]: The skill implements an automated research-to-content workflow that is vulnerable to indirect prompt injection. It ingests data from external, untrusted sources (Twitter, LinkedIn, and TechCrunch) and interpolates it directly into LLM prompts.
- Ingestion points: The
news-scanner.tsmodule fetches external articles and social media content based on keywords. - Boundary markers: The prompt templates in
claude-generator.tsandopenai-generator.tsuse simple text labels (e.g., "Based on the following recent research:") which provide minimal protection against instructions embedded within the crawled content. - Capability inventory: The pipeline has the capability to render video content using Remotion, which involves dynamic bundling and execution of project assets via Webpack.
- Sanitization: The provided code snippets do not implement sanitization, filtering, or validation of the content retrieved from external research sources before it is processed by the AI models.
Audit Metadata