content-multiply
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from social media platforms (post titles, content, and metrics) stored in 'memory/analytics/engagement-log.json'. This constitutes an indirect prompt injection surface.
- Ingestion points: Data enters the agent context through the engagement log file and the 'engagement_data' input parameter.
- Boundary markers: No explicit delimiters or boundary markers are used to isolate untrusted content from the system instructions.
- Capability inventory: The skill's capabilities are limited to generating text derivatives and updating a local state file. It does not have network access, subprocess execution, or direct file writing capabilities beyond its own state.
- Sanitization: There is no evidence of input sanitization or filtering to prevent malicious instructions within the social media content from influencing the agent's behavior.
- [SAFE]: The skill incorporates a robust 'Approval Flow' and a 'Quality Gate' that requires the user to review all generated drafts. The instructions explicitly mandate 'NEVER auto-post', ensuring that the agent cannot act autonomously. No malicious code, obfuscation, or data exfiltration patterns were found.
Audit Metadata