trending-ad-hook-spotter
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses python3 to execute multiple local scraper scripts (scrape_twitter.py, scrape_reddit.py, scrape_linkedin_posts.py, scrape_hn.py) within its sub-skill directories. These scripts are invoked with arguments such as <industry keyword>, <competitor>, and <relevant_subreddits> which are interpolated from user-provided input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, untrusted social media platforms (Twitter/X, Reddit, LinkedIn, and Hacker News).
- Ingestion points: Social media posts and trends are scraped in Phase 1 and the resulting data enters the agent context for analysis in Phase 2.
- Boundary markers: No explicit boundary markers or delimiters are present in the processing logic to distinguish between trusted instructions and potentially malicious commands embedded in the scraped content.
- Capability inventory: The skill possesses the ability to execute local scripts via python3 and write files to the local directory (e.g., clients/<client-name>/ads/).
- Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is passed to the LLM to generate the final ad hook output.
Audit Metadata