ugc-flow
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include the use of the 'postplus' CLI tool for readiness checks ('postplus doctor') and confirming generation quotes ('postplus quote confirm'). These commands are part of the vendor's standard workflow and do not involve unauthorized privilege escalation or arbitrary code execution from untrusted sources.- [PROMPT_INJECTION]: The skill handles untrusted data through ingestion points like 'product_analysis' and 'creator_logic'. While this creates a surface for indirect prompt injection, the skill includes explicit boundary markers and 'Fail Fast' rules. Specifically, it mandates that claims must not be invented, restricts the agent from calling private provider paths, and prohibits the use of competitor brand assets as production input. These constraints serve as effective mitigations against malicious data influencing the agent's behavior.
Audit Metadata