copywriting
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is designed to ingest and analyze untrusted external data from a wide variety of formats including .pdf, .docx, .xlsx, .pptx, .jpg, .png, and .mp4 to 'extract styles'. This provides a significant attack surface for indirect prompt injection. Evidence Chain: 1. Ingestion points: Multi-format files processed via the
extract-writing-styles.pyscript. 2. Boundary markers: Absent; there are no instructions or delimiters defined to prevent the agent from obeying instructions found within the ingested files. 3. Capability inventory: The skill executes a local Python script and utilizes an API key (GEMINI_API_KEY) for processing media, which could be targeted or misused. 4. Sanitization: Absent; the skill lacks any mechanism to filter or sanitize the content of the processed files for malicious prompts. - COMMAND_EXECUTION (MEDIUM): The skill documentation instructs the agent to execute a specific local script (
extract-writing-styles.py) to list and process files. While the script is part of the skill package, this mechanism relies on the agent executing shell commands on paths that may be derived from user-provided inputs.
Recommendations
- AI detected serious security threats
Audit Metadata