product-marketing-context
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface via external content ingestion.
  - Ingestion points: In 'Buoc 1', the skill instructs the agent to read external codebase files (README) and public web content (landing pages, 'About Us' pages) to draft the product context.
  - Boundary markers: Absent. The instructions do not provide delimiters or 'ignore embedded instructions' warnings when the agent processes the harvested external data.
  - Capability inventory: The skill uses file-writing capabilities to create and maintain .agents/product-marketing-context.md.
  - Sanitization: Absent. The skill summarizes and stores external content without specific escaping or validation logic.
  - Downstream impact: The skill establishes a trust chain by directing other marketing skills to read the generated file as an authoritative source ('Doc toan bo... khong hoi lai'), which could allow malicious instructions in a crawled website to influence the agent's logic in later steps.
- [DATA_EXFILTRATION]: Network activity to non-whitelisted domains.
  - Evidence: The skill triggers network operations when it instructs the agent to 'Doc... landing page' to gather product details from arbitrary external websites.
Audit Metadata