brand-identity

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data files and passes their content directly to a sub-agent, creating an indirect prompt injection surface.
    • Ingestion points: The skill reads content from BRIEF.md, {BRAND_PATH}/strategy/INDEX.md (strategy chunks), and {BRAND_PATH}/discover/mood-board-direction.md during the prerequisite validation and agent spawning steps.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating these files into the sub-agent's context.
    • Capability inventory: The skill and its spawned agent have access to Bash (shell execution), Write (file system modification), and Agent (tool for spawning further processes).
    • Sanitization: There is no evidence of sanitization, escaping, or structural validation of the data read from the Markdown files before they are processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 07:13 PM
Security Audit — agent-trust-hub — brand-identity