lead-magnet-brainstorm
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows benign instructional patterns focused on brainstorming and business analysis. All operations are limited to data collection and local storage of the results.
- [DATA_EXPOSURE]: The skill instructs the agent to save outputs to
~/cold-email-ai-skills/profiles/and update aclient-profile.yamlfile. This behavior is consistent with the stated purpose of creating and maintaining user business profiles for marketing purposes and does not target sensitive system directories. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user input during the brainstorming intake process (Step 1). While no explicit boundary markers or sanitization steps are defined, the risk is minimal as the data is used primarily for generating text descriptions and is stored in markdown/YAML files rather than being passed to an execution environment.
- Ingestion points: User answers to business intake questions in
SKILL.md. - Boundary markers: None present.
- Capability inventory: Local file-write operations to the user's home directory (
~/cold-email-ai-skills/). - Sanitization: No specific escaping or validation of user-provided business descriptions is performed before interpolation into the profile files.
Audit Metadata