update-brand-kit

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill manages a 'brand kit' domain model where the 'instructions' field is explicitly designed to store high-leverage guidance that 'directly shapes every downstream generation'. This creates a surface for indirect prompt injection where a malicious user could persist instructions that later compromise subsequent AI tasks.
  • Ingestion points: Free-form natural language requests are mapped directly into the 'instructions' field according to Workflow Step 2 in SKILL.md.
  • Boundary markers: The skill does not provide any instructions for using delimiters or boundary markers to isolate these stored instructions.
  • Capability inventory: The brand kit is designed to be the canonical context for an entire content generation pipeline, giving the stored instructions significant influence over agent behavior.
  • Sanitization: There are no instructions or quality checks defined for validating or sanitizing the user input before it is written to the brand kit.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — update-brand-kit