skills/mikefilsaime-groove/clickcampaigns-for-claude-code-in-cursor/vsl-hybrid-funnel/Gen Agent Trust Hub
vsl-hybrid-funnel
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted user input to populate sales templates, creating a vulnerability surface for instruction injection.
- Ingestion points: The skill uses multiple placeholders in SKILL.md (e.g., [topic], [Name], [problem], [Product Name]) that are intended to be filled with user-supplied data.
- Boundary markers: Absent. There are no delimiters or system-level instructions provided to ensure the agent ignores potential commands embedded within the user's input.
- Capability inventory: The skill's primary function is text and HTML generation; it does not exhibit dangerous capabilities such as file system modification, network requests, or subprocess execution.
- Sanitization: Absent. No validation or escaping logic is defined for the external content before it is interpolated into the prompt.
Audit Metadata