improve-content
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core functionality of ingesting and processing untrusted external content. \n
- Ingestion points: Step 1 in
SKILL.mdinstructs the agent to fetch a user-provided URL and read the full rendered page content. \n - Boundary markers: Absent. The instructions do not define delimiters or specific 'ignore embedded instructions' warnings to isolate the fetched external data from the skill's own operational guidelines. \n
- Capability inventory: The agent has the ability to fetch arbitrary URLs, perform Google searches, and generate significant amounts of text, which could be leveraged if the agent follows malicious instructions embedded in a fetched page. \n
- Sanitization: Absent. There are no instructions to sanitize, escape, or validate the fetched content before it enters the rewrite pipeline. \n- [NO_CODE]: The skill is implemented entirely through Markdown-based instructions and reference documentation without any executable components. \n
- Analysis of the 26 files confirms the absence of executable scripts (.py, .js, .sh), configuration files, or binaries. \n
- The entire logic of the content improvement pipeline is handled through natural language instructions for the AI agent.
Audit Metadata