community-building

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill instructions are task-oriented and include specific boundary examples that direct the agent to refuse unethical or spammy requests (e.g., auto-DMing or scraping). No patterns for overriding system safety filters were detected.
  • Data Exposure & Exfiltration (SAFE): The SKILL.md file contains an explicit instruction: 'Never request credentials or private access.' There are no references to sensitive file paths or network-capable commands like curl or wget.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): This is a no-code skill. It does not include any Python or Node.js dependencies, nor does it attempt to download or execute external scripts.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process user-provided data regarding products and target audiences. While it lacks formal delimiters for this untrusted input, the skill has no dangerous capabilities (no subprocess calls, no network access, no file writes), meaning any potential injection is confined to the generated text output.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 03:51 PM