gsp-brand-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of external brand data.
  - Ingestion points: Untrusted content is read from project files such as identity chunks (color-system.md, typography.md), strategy documents (voice-and-tone.md, archetype.md), and the project BRIEF.md.
  - Boundary markers: Content from these files is directly inlined into the instructions for the 'gsp-brand-engineer' agent without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The agent has access to sensitive tools including 'Bash' and 'Write', providing a potential path for exploitation if instructions are successfully injected.
  - Sanitization: There is no evidence of sanitization or structural validation for the data ingested from the brand identity and strategy files.
Audit Metadata