xhs-writer-factory
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user data (sample social media notes) to extract writing styles. This presents an indirect prompt injection surface where malicious instructions hidden in samples could potentially influence the agent. However, the multi-step analytical process (extraction of specific features like word count, tone, and sentence structure) serves as a natural filter.
- Ingestion points: Users provide 1-5 sample notes as input in Step 1 of the workflow.
- Boundary markers: Absent. The instructions do not explicitly define delimiters or 'ignore instructions' warnings for the input text.
- Capability inventory: The skill is capable of file system operations (creating directories and writing .md files) and performing web searches for news hotspots (as described in
references/phase-guides.md). - Sanitization: Not present. The skill relies on LLM analysis of the text rather than programmatic parsing.
- [COMMAND_EXECUTION]: The skill defines a local file structure (e.g.,
./output/{brand}-xhs/) and instructs the agent to organize files within it. These operations use standard agent file-handling tools and do not involve arbitrary shell command execution. - [SAFE]: The skill includes a dedicated 'Compliance' module (
references/compliance.md) that enforces risk warnings and discourages high-risk financial claims (e.g., 'guaranteed returns'), which is a positive safety practice for content generation in the financial sector.
Audit Metadata