update-brand-kit
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill manages a 'brand kit' domain model where the 'instructions' field is explicitly designed to store high-leverage guidance that 'directly shapes every downstream generation'. This creates a surface for indirect prompt injection where a malicious user could persist instructions that later compromise subsequent AI tasks.
- Ingestion points: Free-form natural language requests are mapped directly into the 'instructions' field according to Workflow Step 2 in SKILL.md.
- Boundary markers: The skill does not provide any instructions for using delimiters or boundary markers to isolate these stored instructions.
- Capability inventory: The brand kit is designed to be the canonical context for an entire content generation pipeline, giving the stored instructions significant influence over agent behavior.
- Sanitization: There are no instructions or quality checks defined for validating or sanitizing the user input before it is written to the brand kit.
Audit Metadata