brand-voice-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external websites and processes it through an LLM without explicit boundary markers or sanitization.
- Ingestion points: External URLs fetched via WebFetch and local content-inventory.json files (SKILL.md).
- Boundary markers: Absent; there are no instructions for the agent to disregard instructions potentially embedded in the fetched content.
- Capability inventory: WebFetch capability for network access (SKILL.md).
- Sanitization: Absent; no methods are defined to filter or escape the fetched text before analysis.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the WebFetch capability to retrieve content from arbitrary, user-defined, or discovered URLs. While essential for brand voice analysis, this involves interacting with untrusted external infrastructure.
Audit Metadata