content-decay-scan
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
creative-fatigue-predictor.pyduring the decay scoring phase (Step 3). This script is used to process performance data and calculate scores, representing a standard command execution pattern within the agent's environment. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted external data that is subsequently used to influence agent outputs (Category 8).
- Ingestion points: External data is ingested via sitemaps, URL lists, and exported CSV analytics data as described in the 'Input Required' and 'Process' (Step 2) sections.
- Boundary markers: There are no explicit boundary markers or instructions provided to the agent to disregard natural language instructions that might be embedded within the ingested URLs or CSV data.
- Capability inventory: The skill possesses capabilities to execute local scripts (
creative-fatigue-predictor.py) and perform detailed content strategy generation via thecontent-creatorandseo-specialistagents. - Sanitization: No sanitization, validation, or escaping of the external content is mentioned before it is processed by the agents or the scoring script.
Audit Metadata