pennydinh-marketing-pipeline-automation
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning a repository from https://github.com/pennydinh/marketing-pineline-share.git and installing dependencies. This involves executing code and packages from an external source not verified as a trusted vendor.
- [PROMPT_INJECTION]: The skill's research module ingests content from external sources such as Twitter, LinkedIn, and TechCrunch to generate scripts and videos. This introduces a surface for indirect prompt injection attacks where malicious data could influence the generated content.
  - Ingestion points: Data is crawled from various social media and news platforms in src/lib/research/crawler.ts.
  - Boundary markers: No explicit safety instructions or delimiters to isolate untrusted external content were identified in the snippets.
  - Capability inventory: The skill uses AI for content generation and has the ability to render videos and potentially publish them to social platforms.
  - Sanitization: No sanitization or validation of the ingested external content is mentioned in the provided documentation.
Audit Metadata