Skills
skills/jubscodes/get-shit-pretty/launch/Gen Agent Trust Hub

launch

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes content from external, potentially untrusted files and web search results to guide the behavior of a sub-agent.
  • Ingestion points: Content is read from .design/projects/{project}/BRIEF.md, brand strategy documents (e.g., voice-and-tone.md, messaging.md), and search results from the WebSearch tool.
  • Boundary markers: The process does not define specific delimiters or instructions to prevent the agent from following commands that might be embedded within the project files or search results.
  • Capability inventory: The skill is granted access to the Write, Agent, and Bash tools, providing a significant range of actions that could be influenced by injected instructions.
  • Sanitization: There is no evidence of validation or sanitization of the input data before it is passed to the gsp-campaign-director agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 07:13 PM