content-trend-researcher
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH | PROMPT_INJECTION | DATA_EXFILTRATION | NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because its core functionality depends on ingesting untrusted data from social media and community platforms.
  1. Ingestion points: Reddit activity/comments, X threads, YouTube engagement/metadata, and general blogs as defined in SKILL.md.
  2. Boundary markers: Absent; there are no delimiters or specific instructions for the agent to isolate external content from its internal logic.
  3. Capability inventory: The skill generates structured article outlines and strategic content recommendations that influence the agent's content creation pipeline.
  4. Sanitization: Absent; no validation or filtering logic is described to prevent embedded instructions from being executed.
- DATA_EXFILTRATION (LOW): The skill documentation mentions integration with Google Analytics and private platforms like Substack. While no hardcoded credentials or exfiltration scripts were found, the design implies access to sensitive analytics and subscriber data.
- NO_CODE (LOW): No implementation scripts (Python, JS, Shell) or dependency manifest files were included in the skill package, limiting the ability to audit the actual data fetching and processing mechanisms.
Recommendations
- AI detected serious security threats
Audit Metadata