brand-identity-wizard
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for Indirect Prompt Injection (Category 8) because it is designed to ingest and process untrusted data from external sources.
- Ingestion points: WIZARD.md (Path A) explicitly instructs the agent to analyze user-provided content such as website URLs, past content, and brand documents.
- Boundary markers: Absent. The instructions do not define delimiters or specific system-level warnings to disregard instructions potentially embedded within the ingested brand materials.
- Capability inventory: Low. The skill is limited to content synthesis and the generation of a markdown file (brand-identity.md). It does not include scripts for network exfiltration or shell command execution.
- Sanitization: Absent. There is no logic provided to filter or escape adversarial content from the input materials before they are synthesized into the output document.
- [NO_CODE] (SAFE): Analysis of all skill files (SKILL.md, WIZARD.md, README.md, and templates) confirms that no executable code, shell scripts, binaries, or package dependencies are present. The skill relies entirely on natural language instructions to the AI agent.
Audit Metadata