content-trend-researcher
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is designed for high-volume data ingestion from untrusted platforms (Category 8: Indirect Prompt Injection). Evidence:
  1. Ingestion points: Specifically targets Reddit activity, YouTube engagement, X threads, and blog content (SKILL.md).
  2. Boundary markers: None mentioned in instructions to separate external data from system instructions.
  3. Capability inventory: The skill has high influence as it generates detailed content outlines and strategic recommendations that guide subsequent agent tasks (SKILL.md).
  4. Sanitization: No sanitization or filtering protocols are described for the external content.

  This allows an attacker to embed instructions in public social posts to manipulate the agent's research output.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's primary function is to fetch and process data from a wide variety of external domains. While specific URLs aren't provided in scripts, the workflow described creates a significant attack surface for data poisoning.
- [NO_CODE] (LOW): No executable scripts (Python/JS) are provided in the skill package. The analysis is based on documented capabilities. The absence of code prevents verification of how the agent handles sensitive data like API keys if it were to implement the described features.
Recommendations
- AI detected serious security threats