Brand Voice Coach
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown text for instructional purposes. No Python, Node.js, or shell scripts are included, precluding any direct execution of malicious commands.
- [Indirect Prompt Injection] (INFO): The skill defines workflows for auditing and rewriting external content, which constitutes an ingestion point for untrusted data. However, the lack of any system capabilities (file writing, network access, or subprocess execution) renders this surface non-exploitable. 1. Ingestion points: 'Audit content' and 'Rewrite this' command triggers in Quick Reference. 2. Boundary markers: Absent from the workflow instructions. 3. Capability inventory: No executable scripts or system calls are present. 4. Sanitization: None.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths were detected in the documentation.
Audit Metadata