marketing-expert
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it is instructed to ingest data from both internal codebase files and external search results (via the Exa tool) without adequate safeguards.
  - Ingestion points: Internal files including 'packages/db/src/schema.ts' and 'scripts/generated/*-rbac.yaml', and external web content from competitor searches.
  - Boundary markers: Absent. There are no instructions provided to the agent to treat data from these sources as untrusted or to ignore instructions embedded within them.
  - Capability inventory: File read access across the repository and network access via search tools.
  - Sanitization: None. The skill does not define any validation or filtering logic for the content retrieved from external sources.
- [DATA_EXFILTRATION]: The skill explicitly directs the agent to read sensitive architectural files, such as database schemas and Role-Based Access Control (RBAC) configurations, to verify marketing claims. While these files are accessed for legitimate verification purposes, the availability of these sensitive internal structures to an agent that also performs external network searches creates a risk of unintentional data exposure.
Audit Metadata