blog-persona
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data when reading user-provided URLs to extract voice samples in Step 6. While this is a common pattern for content analysis, it presents a surface for indirect prompt injection where instructions embedded in the target webpage could attempt to influence the agent's behavior.
  - Ingestion points: Web content fetched from user-provided URLs (SKILL.md).
  - Boundary markers: None specified for the analysis of external content.
  - Capability inventory: Read, Write, Glob, WebFetch, AskUserQuestion (SKILL.md).
  - Sanitization: No explicit sanitization or instruction-filtering mentioned for the fetched content.
Audit Metadata