battlecard-generator
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion and processing of untrusted third-party data from the internet.
  - Ingestion points: Data enters the agent context through `fetch_webpage` and `web_search` operations in Phase 1 (SKILL.md), targeting competitor websites, G2/Capterra reviews, and social media platforms.
  - Boundary markers: The instructions lack delimiters or explicit directives to the agent to disregard potential instructions embedded within the fetched external content.
  - Capability inventory: The skill performs file-writing operations to save the generated battlecard to a local path (`clients/<client-name>/product-marketing/battlecards/`) as specified in SKILL.md.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the external web content before it is processed by the model and written to the filesystem.