audience-builder
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes curl commands to interact with the Lytics API at api.lytics.io. This is the intended core functionality and is directed towards well-known, vendor-owned infrastructure.
- [PROMPT_INJECTION]: The skill processes user-provided natural language to construct FilterQL expressions. To protect against indirect prompt injection or unintended actions, the skill implements a mandatory human-in-the-loop 'Confirmation Gate' (Step 6), where the agent must present a summary and the final API payload for user approval before execution. This process involves clear ingestion points (audience description), capabilities inventory (curl POST requests to create segments), and multiple sanitization/validation steps (syntax validation in Step 4, size estimation in Step 5, and the final confirmation gate).
Audit Metadata