applying-cms-brand
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion process.
- Ingestion points: External brand guidelines are retrieved via the
get_brand_instructionstool. - Boundary markers: The skill lacks protective delimiters or instructions to the model to ignore embedded commands within the retrieved
promptBody. - Capability inventory: The skill uses the instructions to directly shape the voice, tone, and style of the agent's output.
- Sanitization: There is no validation or filtering performed on the content retrieved from the CMS before it is utilized.
Audit Metadata