Skills
skills/famaoai-creator/gemini-skills/synthetic-user-persona/Gen Agent Trust Hub

synthetic-user-persona

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface detected.
  • Ingestion points: The product argument and any UI content encountered during 'exploratory testing' allow untrusted data to enter the agent context.
  • Boundary markers: None identified in the provided skill definition to isolate user-provided descriptions from the agent's core instructions.
  • Capability inventory: The skill possesses file-writing capabilities (via the out argument) and implied browser automation/navigation.
  • Sanitization: No evidence of input validation or output escaping for the generated persona data.
  • DATA_EXFILTRATION (LOW): Potential Data Exposure via Knowledge Tiers.
  • The skill documentation explicitly mentions accessing 'Confidential' and 'Personal' knowledge tiers, including 'secrets'.
  • While the skill claims to ensure no leaks, the out argument allows an operator (or an injected persona) to direct the output of the agent to an arbitrary file path, creating a vector for local data exposure of the secrets mentioned in the protocol.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:43 PM