build-backlinks

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • The skill is susceptible to indirect prompt injection as it performs automated web searches across multiple platforms (Hacker News, Quora, GitHub, and various directories) and processes the retrieved content to generate drafts.
  • Ingestion points: Data enters the agent's context through web search results in Phase 2 ('Channel Research').
  • Boundary markers: The instructions lack explicit boundary markers or delimiters to separate untrusted external content from the core logic when the agent is drafting responses.
  • Capability inventory: The skill has the capability to read local research files (brand_dna.md, etc.) and write a prioritized action plan to the local workspace (backlink_plan.md). It does not have automated posting capabilities.
  • Sanitization: There are no explicit instructions for the agent to sanitize or ignore potentially malicious instructions embedded within the third-party forum posts or directory listings it retrieves.
  • Risk Mitigation: The primary safeguard is that the skill produces a 'ready-to-execute action plan' for the user to review. The human-in-the-loop requirement for posting the drafts significantly reduces the potential impact of an injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 05:41 PM