repurpose
Pass
Audited by Gen Agent Trust Hub on Jul 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted external content such as transcripts and blog posts.
- Ingestion points: Step 1 of the workflow in SKILL.md requires the agent to ingest the full source content.
- Boundary markers: The instructions do not define explicit delimiters or 'ignore' commands for the ingested source text.
- Capability inventory: The skill is limited to text generation and lacks capabilities for network operations, file-system writes, or subprocess execution.
- Sanitization: No evidence of input sanitization or filtering was found in the instructions.
- [SAFE]: The skill reads a local configuration file ('social-context.md') to determine brand voice. This is a standard and expected behavior for the skill's purpose and does not target sensitive system paths or credentials.
Audit Metadata