Skills
skills/stephenturner/skill-brand-yml/brand-yml/Gen Agent Trust Hub

brand-yml

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes web_fetch and web search capabilities to retrieve CSS, metadata, and branding information from arbitrary URLs provided by the user.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external sources to generate its output.
  • Ingestion points: External data is ingested via web_fetch of user-specified URLs and by reading content from uploaded brand guidelines (PDF, images, or documents).
  • Boundary markers: There are no explicit instructions or delimiters used to separate user-provided branding data from the system instructions, nor are there commands to ignore embedded instructions.
  • Capability inventory: The skill has read access to the web and the ability to write generated files to the /mnt/user-data/outputs/ directory for user retrieval.
  • Sanitization: The instructions do not include steps to sanitize or validate extracted text/CSS for malicious prompt injection payloads before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 03:40 AM