ds-content-perf
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  - Ingestion points: Data from Google Analytics 4 (GA4) and Search Console (GSC), specifically page titles and URLs, are processed in Step 2.
  - Boundary markers: The skill does not implement explicit boundary markers or delimiters when interpolating ingested analytics data into the prompt for the final report generation phase.
  - Capability inventory: The skill has access to a restricted Bash tool (limited to ds_utils.py), MCP analytics tools, and local file reading capabilities.
  - Sanitization: While the skill uses ds_utils.py to clean UTM parameters and aggregate URLs, it does not perform sanitization to detect or neutralize natural language instructions embedded within the processed data.
- [COMMAND_EXECUTION]: The skill uses local command execution for data processing and context loading.
  - Evidence: The frontmatter limits the Bash tool to executing a specific Python utility script (ds_utils.py).
  - Evidence: The skill uses a cat command to read business context from a local path (.agents/product-marketing-context.md).
Audit Metadata