sales-brand24
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches additional skill metadata from the vendor's GitHub organization via WebFetch to identify and recommend related tools from the same ecosystem.\n- [PROMPT_INJECTION]: The skill processes untrusted external content from social media mentions and remote markdown files, which presents an indirect prompt injection surface. This is consistent with its primary function of brand monitoring.\n
- Ingestion points: Brand24 monitoring data accessed via MCP and remote skill definition files fetched from GitHub.\n
- Boundary markers: No explicit delimiters or instructions are used to distinguish external data from system prompts.\n
- Capability inventory: The agent can write to local knowledge files and perform network requests to vendor-defined domains.\n
- Sanitization: No specific sanitization or filtering of external content is specified before processing.\n- [COMMAND_EXECUTION]: Documentation includes instructions for the user to manually install related skills using the npx package runner tool.
Audit Metadata