marketing-selling-point-generator
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions require cloning a repository from an unverified GitHub user account (`danidai098-arch/marketing-selling-point-generator.git`). This source is not associated with the primary vendor or any recognized trusted organization, presenting a supply chain risk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted external data.
  - Ingestion points: The `analyzeReviews` method in `SKILL.md` takes a raw array of user-provided review strings for analysis.
  - Boundary markers: There are no delimiters or instructions provided to the agent to ignore or isolate potentially malicious commands embedded within the review data.
  - Capability inventory: The skill uses high-capability tools including the `CopyWriter` (which interfaces with OpenAI's API) and file export utilities (`exportToCSV`, `exportToJSON`).
  - Sanitization: No input validation, escaping, or filtering logic is present in the provided documentation or code snippets to handle adversarial content in the input data.
Audit Metadata