keyword-cluster-architect
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from web search results without adequate boundaries.
- Ingestion points: User-defined 'niche' and 'seed_keywords' are used to perform external searches via the 'web_search' tool in Step 2.
- Boundary markers: The instructions do not define clear delimiters or provide warnings to the agent to ignore instructions embedded within the retrieved search results.
- Capability inventory: The skill utilizes 'web_search' to collect data and performs local file reads on 'shared/references/seo-strategy.md'.
- Sanitization: There is no evidence of validation or sanitization of external content before it is categorized and used to build the content roadmap.
Audit Metadata