product-demand-research

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process untrusted external data.
  • Ingestion points: Fetches comments, social posts, and video transcripts from Reddit, TikTok, and YouTube (SKILL.md).
  • Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the fetched content.
  • Capability inventory: The skill uses Bash, Read, Write, and WebFetch tools (SKILL.md).
  • Sanitization: Absent. There is no logic provided to sanitize or filter out potential malicious instructions contained in social media data before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:55 AM
Security Audit — agent-trust-hub — product-demand-research