morning-briefing
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill's core function involves processing and summarizing untrusted data from external sources (YouTuber viewpoints).
- Ingestion points: Untrusted data enters the agent context through the
get_daily_summaryandget_ticker_sentimenttools mentioned inSKILL.md. - Boundary markers: The skill lacks explicit delimiters or instructions to treat tool outputs as untrusted data, increasing the risk that embedded malicious instructions in video transcripts or metadata could be obeyed during the 'Compile Briefing' phase.
- Capability inventory: The skill has the capability to generate reports and influence the user's market perception. If the agent is tricked by injected content, it could provide biased summaries, malicious links, or social engineering lures in the 'Notable viewpoints' or 'What to watch' sections.
- Sanitization: There are no verification or sanitization steps (e.g., length limits, keyword filtering, or instruction-detection) applied to the external sentiment data before it is presented to the user.
Audit Metadata