content-calendar
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external web sources to perform competitor and trend analysis.
- Ingestion points: External content scraped from competitor social media profiles via Firecrawl/Playwright and trending topics retrieved via SerpApi search results (SKILL.md, Phase 2).
- Boundary markers: The instructions do not specify the use of delimiters or clear separation markers (e.g., XML tags or triple quotes) when interpolating external research data into the prompt context.
- Capability inventory: The skill has the capability to write structured content to the local file system (context/content-calendar.md) and provides instructions that influence the behavior of downstream agent skills like /caption-writer and /social-creative-designer.
- Sanitization: There is no mention of filtering, escaping, or validating the external content before it is processed by the agent.
Audit Metadata