buyer-persona-generator

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes untrusted content from external websites.\n
  • Ingestion points: SKILL.md Phase 1 instructions utilize WebFetch and WebSearch to gather company data.\n
  • Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore embedded instructions in fetched content.\n
  • Capability inventory: The skill has access to file system write operations (Phase 4) and network tools (WebSearch, WebFetch).\n
  • Sanitization: No sanitization of external content is specified before analysis.\n- [NO_CODE]: This skill contains no executable scripts or binaries; it is executed entirely through the agent's natural language processing of the markdown instructions and its built-in capabilities.\n- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill's behavior is consistent with its intended use for marketing and customer research.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 01:07 PM
Security Audit — agent-trust-hub — buyer-persona-generator