content-repurpose
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script
campaign-tracker.pywith the--brandargument derived from local configuration files in the user's home directory. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted external content (URLs, documents, or text) to generate derivative marketing pieces. 1. Ingestion points: The 'Original content' input field allows for the submission of external URLs and uploaded documents (SKILL.md). 2. Boundary markers: The process lacks explicit delimiters or instructions to ignore embedded commands within the source content. 3. Capability inventory: The agent can read local brand profiles from the filesystem and execute local Python scripts. 4. Sanitization: There is no mention of validation or sanitization of the input content before processing.
Audit Metadata