content-planner
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external sources without sufficient isolation.
- Ingestion points: The skill uses WebFetch to analyze external URLs in Phase 1 Step 3 and reads user-provided documents in Phase 1 Step 1.
- Boundary markers: Absent. There are no instructions or delimiters provided to the agent to distinguish between data and potentially malicious instructions within the fetched content.
- Capability inventory: The skill utilizes WebSearch, WebFetch, and local file system access for reading and writing content.
- Sanitization: No sanitization or validation is performed on the data retrieved from external URLs before it influences the writing process.
Audit Metadata