power-user-cultivation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill identifies and analyzes external data sources such as social media mentions, community forum posts, and user-generated blog content. This creates a surface for indirect prompt injection where an attacker could embed instructions in the content being monitored.
- Ingestion points: Data gathering phase in SKILL.md (community participation data, social mentions, blog posts).
- Boundary markers: None specified in the instructions for the gathered data.
- Capability inventory: The skill consists of instructions and templates; it does not implement subprocess calls, file-write operations, or network requests.
- Sanitization: No sanitization or validation of the external content is prescribed.
- [EXTERNAL_DOWNLOADS]: The skill references well-known external services like Octolens and FirstPromoter for social monitoring and referral management. These are standard industry tools and do not involve the execution of untrusted remote scripts.
Audit Metadata