marketing-expert
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and process untrusted content from the codebase and external search results.
- Ingestion points: Reads files from packages/, scripts/, and uses 'Exa search' for external market research.
- Boundary markers: Absent. No instructions are provided to delimit external data or ignore embedded commands in the processed files.
- Capability inventory: Uses file reading tools and external search tools; the persona encourages decision-making and rapid 'shipping' of content.
- Sanitization: Absent. No validation or filtering of ingested content is mentioned.
- [DATA_EXFILTRATION]: The skill directs the agent to access sensitive architectural and security configuration files to verify marketing claims. While intended for accuracy, this exposes security posture details to the model context.
- Evidence: Instructs auditing of scripts/generated/*-rbac.yaml (Role-Based Access Control) and packages/db/src/schema.ts (Database schema).
- [PROMPT_INJECTION]: The instructions use strong persona-steering language that encourages the agent to bypass standard consultative behavior in favor of autonomous decision-making.
- Evidence: "You make decisions - Don't present options, present solutions", "You are the marketing lead... you own this product", and "You are measured by conversions, not compliments."
Audit Metadata