review-analyst-agent
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill possesses a significant attack surface for Indirect Prompt Injection (Category 8) due to its core function of analyzing untrusted external data.
  - Ingestion points: The review-scraper.md agent is explicitly designed to collect review text from untrusted external platforms including Amazon, Walmart, Reddit, and Twitter.
  - Boundary markers: The agent prompts do not define any boundary markers, delimiters, or 'ignore embedded instructions' warnings to isolate external data from the system's instructions.
  - Capability inventory: The skill has the capability to generate actionable improvement roadmaps, priority rankings, and sentiment analyses that directly influence agent reasoning and downstream decision-making.
  - Sanitization: There is no evidence of sanitization, validation, or filtering of the ingested content to prevent instructions embedded within reviews from being executed by the LLM.
Audit Metadata