ai-writing-content
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill exhibits an Indirect Prompt Injection surface where untrusted data influences model output used in downstream operations.
  - Ingestion points: Untrusted strings are accepted via the 'topic' parameter in BlogWriter, 'product_details' in ProductWriter, and 'brief' in EmailComposer.
  - Boundary markers: The DSPy signatures (e.g., PlanBlogPost, ComposeEmail) do not utilize boundary delimiters to isolate user-provided data from instructional prompts.
  - Capability inventory: Example 2 includes a 'save_to_catalog' function (write capability), and Example 3 generates content for external email distribution.
  - Sanitization: No input validation or filtering is performed on user-supplied parameters before they are processed by the Language Model.
Audit Metadata