brand-discovery

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze external, untrusted data sources including customer interviews, sales recordings, support tickets, and online reviews (e.g., Reddit, Trustpilot). This creates an attack surface for indirect prompt injection, where malicious instructions embedded in processed research data could attempt to influence the agent's output or recommendations.
    • Ingestion points: Specified in SKILL.md (sales calls, support tickets, reviews, analytics) and references/interview-guide.md (transcripts).
    • Boundary markers: The instructions do not define explicit delimiters or warnings for the agent to ignore instructions embedded within the research data.
    • Capability inventory: The skill primarily performs text analysis and file writing (discovery-report.md). No dangerous subprocess or network capabilities are requested in the provided files.
    • Sanitization: The SKILL.md file mentions the use of 'sanitized' interview notes, which serves as a basic manual mitigation for data handling.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 12:17 PM