mkt-icp-research
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because its core functionality involves processing untrusted external data.
- Ingestion points: The skill retrieves information from social communities (Reddit, Facebook), review platforms (G2, Capterra), and content platforms (YouTube comments) using tools like Playwright and WebSearch.
- Boundary markers: There are no specified instructions to delimit or isolate the retrieved Voice of Customer (VoC) data from the agent's operational logic, which could allow instructions hidden in the scraped text to influence the agent.
- Capability inventory: The skill leverages powerful tools such as browser automation (Playwright) and data fetching capabilities (Apify), which could be misused if an injection occurs.
- Sanitization: The instructions provide no guidance for sanitizing, escaping, or validating the external content before it is incorporated into the final persona profiles or messaging frameworks.
Audit Metadata