product-demand-research
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process untrusted external data.
- Ingestion points: Fetches comments, social posts, and video transcripts from Reddit, TikTok, and YouTube (SKILL.md).
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the fetched content.
- Capability inventory: The skill uses
Bash,Read,Write, andWebFetchtools (SKILL.md). - Sanitization: Absent. There is no logic provided to sanitize or filter out potential malicious instructions contained in social media data before processing.
Audit Metadata