content-brief-factory
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external websites, G2/Capterra reviews, and Reddit posts to generate content briefs.
  - Ingestion points: Untrusted data enters via `fetch_webpage` (Phase 2B), `scrape_reviews.py` (Phase 2C), and `scrape_reddit.py` (Phase 2C).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompts.
  - Capability inventory: The skill executes local Python scripts and performs file-write operations to save briefs and summaries.
  - Sanitization: No sanitization, escaping, or filtering of external content is specified before the data is analyzed by the model.
- [COMMAND_EXECUTION]: The skill instructs the agent to run local Python scripts (e.g., `catalog_site.py`, `scrape_reviews.py`, `scrape_reddit.py`) using shell commands with interpolated user input such as URLs, keywords, and product names. This presents a surface for command injection if inputs are not sanitized by the underlying agent implementation.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to well-known SEO and research services including SerpAPI, Serper.dev, DataForSEO, and Apify using user-provided API keys. These are documented as legitimate external sources for the skill's primary functionality.
Audit Metadata