Skills
skills/aradotso/marketing-skills/marketing-pipeline-share-automation/Gen Agent Trust Hub

marketing-pipeline-share-automation

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches unvetted data from external news sources and includes it directly in the prompt used for content generation without isolation or sanitization.
  • Ingestion points: External content is retrieved in src/lib/crawlers/news-crawler.ts from a third-party news API.
  • Boundary markers: The buildUserPrompt function lacks explicit delimiters or instructions to treat the research data as untrusted content, relying only on newlines for separation.
  • Capability inventory: The skill utilizes Anthropic and OpenAI APIs for content generation and the Remotion framework for video rendering.
  • Sanitization: There is no evidence of filtering or escaping logic applied to the external article data before it is interpolated into the generator prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:48 AM
Security Audit — agent-trust-hub — marketing-pipeline-share-automation