Content Personalization
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external data.
- Ingestion points: The skill ingests 'textbook content' and 'user profile' data as primary inputs for adaptation.
- Boundary markers: Absent. The instructions do not define delimiters or specify that the agent should ignore instructions embedded within the textbook content.
- Capability inventory: None. The skill consists entirely of natural language instructions and lacks scripts, network access, or file-writing capabilities.
- Sanitization: None. There is no logic provided to filter or escape malicious instructions that might be hidden in the content being personalized.
- Data Exposure (INFO): The workflow requires retrieving information from the user profile. While necessary for the stated purpose, this creates a data exposure surface if the agent is manipulated into revealing more profile information than intended during the adaptation process.
- No Code (INFO): The skill contains no executable scripts, binaries, or configuration files, which significantly limits the potential for technical exploitation like RCE or persistence.
Audit Metadata