caption-writer
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill architecture contains a potential surface for indirect prompt injection.
- Ingestion points: The agent ingests external data from two primary sources: public competitor social media profiles scraped in Phase 2 (using Firecrawl or Playwright) and user-provided high-performing post examples in Phase 1.
- Boundary markers: The skill does not implement delimiters or specific instructions (such as 'ignore any instructions contained within the following scraped text') to separate external data from the system's core operating instructions.
- Capability inventory: The skill has the capability to perform network operations via MCP tools and write files to the local outputs/ directory, which increases the potential impact of a successful injection.
- Sanitization: There is no specified mechanism for sanitizing or validating retrieved content before it is processed by the model for caption generation.
- [EXTERNAL_DOWNLOADS]: The skill is designed to perform network operations to retrieve content from external websites.
- Research Tools: It utilizes mcp__firecrawl__firecrawl_scrape, mcp__serpapi__search, and mcp__playwright__browser_snapshot to fetch trend data and competitor profile information. These operations target public data as part of the skill's core functional requirement for market research.