tgw-mcn-brief-builder

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled script, scripts/render_mcn_asset.py, to generate structured Markdown files from templates. This is a functional requirement of the skill for asset management and does not involve remote code or unauthorized commands.
  • [PROMPT_INJECTION]: The skill processes user-supplied brand needs to populate marketing briefs. As an indirect prompt injection surface, it includes data ingestion from users without explicit instruction delimiters in the SKILL.md. However, the associated Python script implements robust sanitization for metadata and filenames using YAML scalar escaping and character filtering.
  • [SAFE]: The skill demonstrates secure development practices by enforcing a directory boundary check in the rendering script, preventing the agent from writing files outside the designated project data directory or overwriting sensitive skill components.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 02:26 AM
Security Audit — agent-trust-hub — tgw-mcn-brief-builder