content-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is purpose-built to ingest untrusted data from various external sources including social media, product reviews, and video comments (Evidence: SKILL.md, README.md).
  - Ingestion points: Ingests arbitrary text through the TextAnalyzer and LLMAnalyzer modules mentioned in test_skill.py and SKILL.md.
  - Boundary markers: Absent. There are no instructions or templates provided to wrap external content in delimiters or to instruct the agent to ignore instructions embedded in the analyzed text.
  - Capability inventory: The skill is granted powerful tools including Bash, Write, and Edit. If the LLM processes an 'insight' containing an injection and subsequently calls a tool, it could lead to compromise.
  - Sanitization: No sanitization, validation, or filtering of the input text is mentioned or implemented in the provided logic.
- External Downloads (LOW): The skill requires several third-party Python libraries and NLTK datasets (Evidence: README.md, SKILL.md).
  - Packages: pandas, numpy, matplotlib, seaborn, nltk, scikit-learn, wordcloud, openai, dashscope, requests.
  - Status: All downloads originate from trusted repositories (PyPI, NLTK servers), which downgrades the severity of this finding to LOW per [TRUST-SCOPE-RULE].
- Credential Handling (INFO): The skill documentation provides code snippets for setting API keys via hardcoded strings (Evidence: SKILL.md under 'API Setup Examples').
  - Observation: While no real credentials are leaked, this encourages an insecure development pattern compared to using environment variables or secret managers.
Recommendations
- AI detected serious security threats
Audit Metadata