copywriting
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a modular architecture with clearly defined roles and boundaries for its sub-agents, which prevents cross-contamination of instructions and maintains focus on its stated purpose.
- [SAFE]: File system access is limited to reading project context files (e.g., icp-research.md, product-context.md) and writing marketing artifacts, which is appropriate for a copywriting workflow.
- [SAFE]: Although the skill manifest lists powerful tools such as Bash and WebFetch, the instructions do not provide any mechanisms for arbitrary command execution or unauthorized data transfer to third-party domains.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied text and external web content through multiple LLM passes. While this creates a potential surface for indirect prompt injection, the orchestrator implements internal contracts and a final verification layer ('critic-agent') that evaluates output against specific rubrics, mitigating the risk of instructions embedded in the input influencing the agent's behavior.
- Ingestion points: SKILL.md (brief/argument-hint), hook-agent.md, body-agent.md.
- Boundary markers: The sub-agent templates use structured headers (## Brief, ## Upstream) but do not explicitly use 'ignore embedded instructions' delimiters.
- Capability inventory: allowed-tools includes Read, Grep, Glob, Bash, WebSearch, and WebFetch.
- Sanitization: None specified, but the critic agent scoring system acts as a functional output validator.
Audit Metadata