reply-writer
Pass
Audited by Gen Agent Trust Hub on Jul 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes raw, untrusted social media content that could contain instructions designed to manipulate the agent.
- Ingestion points: Untrusted content enters the context via the pasted batch of comments and DMs described in the Workflow section of SKILL.md.
- Boundary markers: No explicit delimiters or boundary markers are defined to isolate untrusted user input from the skill's operational instructions.
- Capability inventory: The skill's capabilities are limited to reading local context files and generating text drafts; it lacks the ability to execute shell commands, perform network operations, or write to the file system.
- Sanitization: The instructions do not include steps to sanitize or escape potentially malicious strings within the social media content before it is processed by the model.
- [NO_CODE]: The skill package contains only markdown instructions and evaluation configurations. There are no executable scripts, binaries, or automated shell commands, which significantly limits the potential for traditional malicious activity like data exfiltration or persistence.
Audit Metadata