guest-contributor-article
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and process content from untrusted external sources such as YouTube transcripts and social media posts. This data ingestion creates a surface where instructions hidden in the sources could influence the agent's behavior.
  * Ingestion points: External content gathered via tools like youtube-downloader and twitter-scraper into the sources directory.
  * Boundary markers: No technical delimiters are specified to isolate untrusted source text from the agent's instructions during the drafting process.
  * Capability inventory: The skill chain identifies capabilities for web scraping and automated publishing via webflow-publish.
  * Sanitization: There is no mention of filtering or sanitizing external content before it enters the LLM context.
- [NO_CODE]: The provided skill file contains only markdown instructions and documentation, with no executable code, shell scripts, or binary files included.
Audit Metadata