marketing-copy
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest external data (target audience, product details, objections) and has the capability to modify the filesystem using the `Write` and `Edit` tools. It lacks boundary markers or instructions to ignore embedded commands within the input data.
  - Ingestion points: The 'Gather Context' phase in `SKILL.md` explicitly instructs the agent to ask for and process external input regarding the product and audience.
  - Boundary markers: Absent. There are no delimiters or system instructions to prevent the agent from following commands embedded in the provided marketing context.
  - Capability inventory: The skill requests `Read`, `Glob`, `Grep`, `Write`, and `Edit` permissions in `SKILL.md`. This allows for full file system traversal and modification.
  - Sanitization: Absent. There is no logic to validate or sanitize the input strings before they are used in the generation process or potentially passed to file-writing tools.
- Command Execution (LOW): While the skill requests filesystem tools, it does not explicitly contain malicious shell commands. The risk is primarily in how these tools could be abused via user-provided data.
- Data Exposure (LOW): The `Read` and `Glob` tools allow the agent to access any file the host process can reach. Without strict scoping, this presents a risk of sensitive data exposure if the agent is manipulated via injection.
Recommendations
- AI detected serious security threats
Audit Metadata