brand-voice-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill collects user-provided strings for brand names and descriptions to populate configuration files. While this creates a potential surface for indirect prompt injection if downstream tools parse this data insecurely, the behavior is inherent to the skill's primary function as a template generator.
- [Data Exposure] (SAFE): Operations are limited to reading templates and writing brand configuration files to a designated local path. No access to credentials or private system files was detected.
- [External Downloads] (SAFE): The skill contains no network calls, external script downloads, or package installations.
Audit Metadata