Skills
skills/athina-ai/goose-skills/trending-ad-hook-spotter/Gen Agent Trust Hub

trending-ad-hook-spotter

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from public social media platforms (Twitter/X, Reddit, LinkedIn, and Hacker News) to generate marketing ad hooks.
  • Ingestion points: Public posts and threads fetched via web_search, the Apify Reddit scraper actor, and the Algolia Hacker News API.
  • Boundary markers: There are no explicit delimiters or instructions provided to isolate external content from the agent's core instructions.
  • Capability inventory: The skill utilizes web_search and HTTP request capabilities (POST/GET) to collect and analyze data.
  • Sanitization: The skill lacks explicit sanitization or filtering logic for the data retrieved from external platforms.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with well-known external APIs to collect trending data.
  • It performs HTTP requests to the Apify API (api.apify.com) to utilize the trudax/reddit-scraper-lite actor for Reddit data extraction.
  • It queries the Algolia Hacker News API (hn.algolia.com) to fetch real-time discussions and front-page stories.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 05:37 PM
Security Audit — agent-trust-hub — trending-ad-hook-spotter