buyer-persona-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external websites via WebFetch and WebSearch.
  - Ingestion points: Company websites, review platforms, and search results fetched during Phase 1 (Company Research) in SKILL.md.
  - Boundary markers: The skill's instructions contain no explicit delimiters around external content and do not tell the agent to treat that content as passive data, increasing the risk that the agent follows instructions embedded in it.
  - Capability inventory: The skill directs the agent to create and write several local files (personas.json, personas.md, segments.md) in the current working directory, potentially incorporating injected content.
  - Sanitization: No data validation or sanitization of the fetched external content is performed before it is used to generate the persona assets.
- [NO_CODE]: The skill contains no executable scripts or binary files and relies entirely on natural language instructions for the agent to execute using its built-in web and file system capabilities.
Audit Metadata