brand-compliance

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill logic in scripts/main.cjs resolves file paths for reading content and writing reports using path.resolve(PROJECT_ROOT, path). This implementation never verifies that the resolved path is contained within the project directory, so a directory-traversal value (e.g., ../../ in the contentPath or outputPath parameters) can read or overwrite files outside the intended project scope.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (marketing copy, design assets) that the AI then analyzes without sufficient protective measures.
      • Ingestion points: Content enters the skill via the contentPath or contentText properties in scripts/main.cjs and is processed according to the instructions in SKILL.md (Steps 1, 2, and 5).
      • Boundary markers: The agent's instructions use no delimiters (e.g., XML tags) around the audited content and no directive to ignore instructions embedded within it.
      • Capability inventory: The agent is equipped with high-privilege file system tools, including Read, Write, Edit, Grep, and Glob.
      • Sanitization: The external content is not sanitized, escaped, or validated before it is interpolated into the agent's context for tone and visual analysis.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 3, 2026, 02:04 PM