icp-persona-builder
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is entirely instruction-based and does not contain any executable scripts, binaries, or code files.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access behaviors were detected in the skill's instructions.
- [PROMPT_INJECTION]: The skill's research phase involves ingesting untrusted data from external websites via WebSearch and WebFetch. This creates a surface for indirect prompt injection. Ingestion points: External website content fetched during Phase 1 research. Boundary markers: Absent; the instructions do not specify delimiters for external content. Capability inventory: Web access and local file system write access to the 'clients/' directory. Sanitization: None specified for the processed web content.
Audit Metadata