marketing-pipeline-share-content-automation
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It retrieves content from external, third-party sources (such as TechCrunch, X/Twitter, and LinkedIn) through the `ResearchService` and interpolates this untrusted data directly into the system prompts for Claude and OpenAI models.
  - Ingestion points: Untrusted data enters the context via the `ResearchService` and is processed by the `/api/generate` endpoint as shown in the `SKILL.md` examples.
  - Boundary markers: The prompt templates, such as `Create a ${format} post... Research data: ${JSON.stringify(research)}`, lack explicit delimiters or instructions for the AI to ignore any malicious commands that might be embedded in the fetched research data.
  - Capability inventory: The AI's output is used to drive the content generation and video rendering pipeline.
  - Sanitization: The provided code snippets do not include logic for sanitizing or filtering the external content before it is submitted to the language models.
- [EXTERNAL_DOWNLOADS]: The skill instructions direct users to clone a repository from GitHub (`https://github.com/pennydinh/marketing-pineline-share.git`) and install various dependencies from public registries using standard tools like npm, yarn, or pnpm.