content-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze untrusted data from external sources including web search results (Reddit, Quora), call transcripts, and survey data. This creates a surface for indirect prompt injection, where malicious instructions hidden in the data could influence the agent's output. Mitigation is provided by the absence of dangerous system capabilities.
- Ingestion points: .agents/product-marketing-context.md, web search results, call transcripts, and survey data.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined for analyzed data.
- Capability inventory: No dangerous capabilities found; the skill generates text reports and tables.
- Sanitization: No sanitization or filtering of input data is described in the instructions.
- [NO_CODE]: The skill consists entirely of natural language instructions and evaluation criteria. It contains no executable scripts, binaries, or package dependencies, which limits the attack surface to the prompt level.
Audit Metadata