demand-mining
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill fetches untrusted data from social media platforms. Evidence: (1) Ingestion points: Content retrieved via WebFetch from URLs identified in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Report generation using references/REPORT_TEMPLATE.md. (4) Sanitization: Absent.
- Data Exposure & Exfiltration (LOW): The skill performs network operations to non-whitelisted domains including reddit.com, x.com, and zhihu.com to collect user feedback.
Audit Metadata