brand-monitor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill utilizes shell commands including curl and inline python3 scripts to interact with APIs and process JSON data.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill makes network requests to the api.brand.dev domain to perform its core functions.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web (such as article titles and mention snippets) and presents it to the agent without sanitization or boundary markers.
      1. Ingestion points: API response fields from brand/search and monitor mentions.
      2. Boundary markers: Absent in the skill instructions.
      3. Capability inventory: Shell execution (curl) and Python script execution.
      4. Sanitization: No content escaping or validation is performed on retrieved web data before presentation to the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 06:08 PM