marketing-pipeline-ai-content

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone an external repository (https://github.com/pennydinh/marketing-pineline-share.git) and install its dependencies. This repository is not from a verified or well-known organization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the way it handles external data.
    • Ingestion points: Untrusted data is fetched from sources like TechCrunch, Twitter/X, and LinkedIn via the crawlResearch module.
    • Boundary markers: Absent. The prompt template in the createContent function directly interpolates the research data using JSON.stringify without any delimiters or instructions to ignore embedded commands.
    • Capability inventory: The system can perform network operations (API calls) and execute subprocesses through the Remotion rendering engine (renderMedia).
    • Sanitization: Absent. There is no evidence of validation or filtering for the fetched research content before it is included in the prompt to the language model.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 07:44 PM