viral-generator-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The content consists of architectural patterns and role-play instructions for a 'Viral Generator Architect'. There are no instructions to ignore system rules or bypass safety protocols.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network operations to external domains were found.
- [Indirect Prompt Injection] (LOW): The skill describes tools that ingest untrusted user data (names, quiz answers, photos).
- Ingestion points: Input Design section in
SKILL.md(Name, Birthday, Quiz answers, Photo upload). - Boundary markers: Absent in the provided code templates.
- Capability inventory: No system-level capabilities or network operations are included in the skill scripts.
- Sanitization: Not mentioned in the patterns, which is a common omission in design templates but presents no direct risk to the agent executing the skill.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not reference or download any external packages or remote scripts.
- [Dynamic Execution] (SAFE): Contains static JavaScript snippets for scoring and hashing logic. No use of
eval(),exec(), or runtime compilation was detected.
Audit Metadata