Skills
skills/nikiandr/goose-skills/brand-voice-extractor/Gen Agent Trust Hub

brand-voice-extractor

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is composed of purely instructional text and does not include any executable code or scripts.
  • [NO_CODE]: No scripts (Python, JavaScript, Shell) are included in the skill package, minimizing the risk of arbitrary code execution.
  • [PROMPT_INJECTION]: The skill processes untrusted external content via web fetching (Phase 2), which creates a surface for indirect prompt injection. Evidence Chain: 1. Ingestion point: SKILL.md (Phase 2: Fetch and Extract Text) uses WebFetch on external URLs. 2. Boundary markers: Absent; no explicit delimiters or instructions to ignore embedded commands are specified. 3. Capability inventory: The skill is limited to content analysis and Markdown report generation; it lacks high-privilege tools like shell access or file writing. 4. Sanitization: No sanitization or filtering of fetched text is specified. The risk is low as the skill is used for analysis and does not take automated actions on the host system.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 11:42 AM