content

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design because it processes data from the brand/ directory as hard instructional requirements.
  • Ingestion points: Reads core identity, voice rules, and visual styles from brand/BRAND.md, brand/VOICE.md, and brand/VISUAL.md. It also processes external writing samples from brand/voice-samples/.
  • Boundary markers: None. The skill explicitly instructs the agent to apply these constraints as 'hard requirements, not suggestions,' which increases the risk that malicious instructions embedded in these files will be obeyed.
  • Capability inventory: The skill coordinates multiple content generation sub-skills and can spawn parallel agents to perform complex, multi-platform workflows.
  • Sanitization: No sanitization or validation of the content within these brand files is performed before they are interpolated into the agent context.
  • [PROMPT_INJECTION]: The routing mechanism passes unvalidated user arguments directly to sub-skills.
  • Ingestion points: User-supplied subcommands and arguments following the /content trigger.
  • Capability inventory: These arguments determine which sub-skill is executed and what context is passed to it, potentially allowing for prompt injection through crafted arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 15, 2026, 03:25 AM
Security Audit — agent-trust-hub — content