generate-note-ideas
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from YouTube comments, video transcripts, and web search results, which creates a surface for indirect prompt injection.
  - Ingestion points: YouTube content (Step 1), Substack archives (Step 2), and niche web trends (Step 3).
  - Boundary markers: No explicit delimiters or instructions are provided to the model to ignore embedded commands in the source material.
  - Capability inventory: The skill has permissions to read and write files in the local ./substack/notes/ directory and perform network operations via tools.
  - Sanitization: There is no process for sanitizing or escaping the retrieved content before it is passed to the ideation skill.
- [EXTERNAL_DOWNLOADS]: The skill uses web fetch and specialized tools to retrieve content from well-known platforms like YouTube and Substack for analysis.
- [COMMAND_EXECUTION]: The skill performs local file management tasks, specifically reading from and writing to the ./substack/notes/ directory to maintain a processed content log and store ideas.
Audit Metadata