repurpose
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external files and URLs. Malicious instructions embedded in the source content could attempt to override the system's generation logic.
- Ingestion points: Content is retrieved via the Read tool for local files and the WebFetch tool for URLs.
- Boundary markers: The prompt template uses basic headers like 'ORIGINAL CONTENT' but does not include advanced sandboxing or delimiters to isolate untrusted content.
- Capability inventory: The ingested data is used as context for the
generate_contentandsearch_knowledge_basetools. - Sanitization: There is no evidence of content sanitization or filtering to remove potential instructions before the data is processed.
- [EXTERNAL_DOWNLOADS]: The skill provides functionality to fetch data from arbitrary web URLs. While necessary for web content repurposing, this involves fetching data from untrusted remote sources.
Audit Metadata