Skills
skills/jubscodes/get-shit-pretty/gsp-brand-audit/Gen Agent Trust Hub

gsp-brand-audit

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute directory creation commands (mkdir -p) to set up the audit output structure.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the WebFetch tool to retrieve content from brand-related URLs provided by the user or defined in project briefs.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through the ingestion of external data. \n
  • Ingestion points: External content retrieved via WebFetch and user-provided brand descriptions in the BRIEF.md file. \n
  • Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions to isolate ingested data from the agent's core instructions. \n
  • Capability inventory: The agent has access to file-writing, limited shell command execution, and sub-agent spawning capabilities. \n
  • Sanitization: No explicit sanitization or validation of external web content is performed before it is analyzed by the auditor agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 04:01 AM