research-shortform
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes an attack surface for indirect prompt injection which is handled safely. 1. Ingestion points: Social media content is fetched from platforms like TikTok and Instagram via WebFetch in agents/platform-scout-agent.md. 2. Boundary markers: Data processing is restricted to specific fields such as visual descriptions, verbal hooks, and metrics as defined in the agent manifests. 3. Capability inventory: The skill has Bash and Write capabilities for local management, but agents are limited to extraction and synthesis. 4. Sanitization: The multi-agent Critic loop (agents/critic-agent.md) provides a quality gate by validating citations and source integrity.
- [SAFE]: The skill's support scripts (e.g., manifest-sync.ts, append-loop-result.ts, scaffold-eval-loop.ts) implement robust security practices. They utilize path normalization via realpathSync and symbolic link validation via lstatSync to prevent path traversal and ensure all file operations remain within the authorized project directory.
Audit Metadata