blog-to-twitter-post
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of processing untrusted data from external blog articles.
- Ingestion points: The skill accepts blog content via direct text input or by fetching data from user-provided URLs as specified in
SKILL.md. - Boundary markers: The instructions do not define clear delimiters (such as specific XML tags or unique string markers) to isolate the untrusted source text from the agent's instructions, nor do they include explicit commands to ignore embedded instructions within the source content.
- Capability inventory: The agent is authorized to use browsing tools to fetch external articles and trending data, and it is instructed to use image generation capabilities if available.
- Sanitization: While the workflow includes a 'normalization' step to remove boilerplate content (menus, bios, etc.), this is for content quality and does not involve security-focused sanitization or filtering of the input data.
Audit Metadata