content-brief-factory
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts (e.g., site-content-catalog/scripts/catalog_site.py, review-scraper/scripts/scrape_reviews.py, reddit-scraper/scripts/scrape_reddit.py) to perform site auditing and data scraping tasks.
- [EXTERNAL_DOWNLOADS]: The skill connects to multiple external API providers (SerpAPI, Serper.dev, DataForSEO, ValueSERP) and fetches content from public websites and social platforms like Reddit to inform the content briefs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external data.
  - Ingestion points: Untrusted data is ingested from external webpages, Reddit posts, and review platforms (G2, Capterra) through scraping tools.
  - Boundary markers: The instructions lack explicit boundary markers or system instructions to prevent the agent from following instructions potentially embedded in the scraped content.
  - Capability inventory: The agent has the capability to execute shell commands (python3) and perform file system writes (clients/.../content/briefs/).
  - Sanitization: No validation or sanitization of the scraped external content is described before it is used to generate the final content brief output.