brand-voice-analyzer
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions explicitly direct the agent to analyze sensitive data types if available, including "Internal comms (all-hands emails, Slack announcements, internal memos)" (SKILL.md). This exposes sensitive information to the agent's processing environment, where it could be vulnerable to misuse or accidental exposure.
- [PROMPT_INJECTION]: The skill is designed to ingest untrusted data from URLs and local files (SKILL.md), creating a surface for indirect prompt injection.
  - Ingestion points: SKILL.md (Phase 1) specifies the use of WebFetch for content from URLs and Read/Glob for local files, including potential internal communications logs.
  - Boundary markers: The instructions lack requirements for boundary markers or delimiters to isolate untrusted data from the agent's internal instructions.
  - Capability inventory: The skill uses tools including Bash, Write, Edit, and WebFetch, which could be abused if an injection attack is successful.
  - Sanitization: There are no instructions to sanitize or validate the ingested content before it is processed for analysis.
- [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool (SKILL.md). While the current workflows do not detail specific shell commands, the availability of a high-privilege execution environment in the same context as untrusted data fetched from the web increases the potential impact of an exploit.
Audit Metadata