discover-brand
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection by design, as it is intended to ingest and process large amounts of data from external, potentially attacker-controlled environments.
  - Ingestion points: Data is retrieved from Notion, Confluence, Box, Microsoft 365, Figma, Gong, Granola, and Slack as described in `SKILL.md` and `references/search-strategies.md`.
  - Boundary markers: The instructions do not define any delimiters or structural isolation to prevent malicious instructions embedded in retrieved documents from influencing the agent's behavior.
  - Capability inventory: The skill uses the `Task` tool to delegate work, reads configuration from `.claude/brand-voice.local.md`, and has the capability to write the final output to `.claude/brand-voice-guidelines.md`.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content pulled from external platforms before it is passed to the analysis phase.
Audit Metadata