content-repurposer
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary function is to ingest external content (transcripts, markdown files) which is inherently untrusted. An attacker could embed malicious instructions in these files to hijack the agent's behavior or exfiltrate data. Evidence Chain: (1) Ingestion Points: File inputs in scripts/main.py commands. (2) Boundary Markers: None identified in instructions. (3) Capability Inventory: LLM processing via Anthropic API and filesystem write operations to create output directories. (4) Sanitization: Unverifiable as the implementation logic in scripts/main.py is missing.
- [Dynamic Execution] (MEDIUM): The dependency on jinja2 suggests the use of templating. If the ingested external content is interpolated directly into templates, it could lead to Server-Side Template Injection (SSTI).
- [Missing Source Code] (MEDIUM): The logic file scripts/main.py is referenced but not provided for audit, preventing verification of how user-provided file paths and content are safely handled.
Recommendations
- AI detected serious security threats
Audit Metadata