trending-ad-hook-spotter
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to construct and execute shell commands (e.g., using python3 to run scraper scripts) that incorporate user-provided inputs like industry keywords and competitor names. Without proper sanitization of these inputs, there is a risk of command injection if the agent executes these via a shell.
- [PROMPT_INJECTION]: The skill ingests data from external sources, which creates an indirect prompt injection surface.
  - Ingestion points: Untrusted content is retrieved from Twitter/X, Reddit, LinkedIn, and Hacker News (Phase 1).
  - Boundary markers: The instructions lack specific boundary markers or 'ignore' commands that would help the agent distinguish between its own logic and instructions embedded within the scraped social media content.
  - Capability inventory: The skill uses subprocess execution to run Python scripts and file system access to save generated ad hooks.
  - Sanitization: There is no evidence of input validation or content sanitization to prevent malicious data from influencing the agent's logic or damaging the system via shell execution.
Audit Metadata