product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to fetch content from external landing pages and 'About us' pages to automatically draft product and marketing descriptions. While this is the intended functionality, it involves retrieving data from external web sources.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites and local project files without explicit sanitization or boundary markers.
- Ingestion points: Local README files and external landing pages/websites (identified in Step 1 of the skill flow).
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore instructions' warnings when processing retrieved text.
- Capability inventory: The skill utilizes file reading, network fetching (for web content), and file writing (to create
.agents/product-marketing-context.md). - Sanitization: There is no mention of sanitizing or validating external content before it is processed by the agent to generate the marketing context.
Audit Metadata