seo-content-brief
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its web extraction and search capabilities.
- Ingestion points: The
infsh app run tavily/extractcommand inSKILL.mdis used to fetch content from arbitrary external URLs. - Boundary markers: The instructions do not define clear delimiters or "ignore" directives to prevent the agent from following malicious instructions potentially embedded in the scraped web content.
- Capability inventory: The skill is granted
Bash(infsh *)tool access, which allows it to run various CLI applications, including search, extraction, and image generation. - Sanitization: There is no evidence of content sanitization or validation performed on the data retrieved from external sources before it is processed by the agent context.
Audit Metadata