cross-post

Pass

Audited by Gen Agent Trust Hub on Jul 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external sources.
  • Ingestion points: The workflow in SKILL.md instructs the agent to "Fetch the URL or read the pasted text in full."
  • Boundary markers: Absent. There are no instructions providing delimiters or 'ignore' directives for the fetched content to prevent it from overriding agent instructions.
  • Capability inventory: The skill is limited to fetching web content and generating text. It does not perform high-risk actions such as file system modifications or command execution.
  • Sanitization: Absent. The skill does not specify any validation or filtering for the external content before it is interpolated into the drafting process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 18, 2026, 07:08 AM
Security Audit — agent-trust-hub — cross-post