brand-yml
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process information from external URLs and uploaded files (PDFs, images, documents). This behavior constitutes a surface for indirect prompt injection, as the agent may encounter instructions embedded in the source material. However, this is the primary intended function of the skill.
  - Ingestion points: Content retrieved via `web_fetch` and data from user-uploaded brand guidelines in `SKILL.md`.
  - Boundary markers: The skill does not currently use explicit delimiters or specific instructions to the agent to ignore directives found within the external brand data.
  - Capability inventory: The skill uses `web_fetch`, web search, and writes files to the `/mnt/user-data/outputs/` directory.
  - Sanitization: There is no explicit sanitization or instruction-filtering defined for the ingested brand content.
- [SAFE]: All file operations and network requests for brand research (e.g., Google Fonts, university brand guides) are legitimate and consistent with the skill's stated purpose. The installation and build instructions in the documentation follow standard development practices.
Audit Metadata